RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 990186 - squid: cachemgr regression introduced in RHSA-2013:0505
Summary: squid: cachemgr regression introduced in RHSA-2013:0505
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: squid
Version: 6.4
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Pavel Šimerda (pavlix)
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 1009402
TreeView+ depends on / blocked
 
Reported: 2013-07-30 14:25 UTC by Tomas Hoger
Modified: 2013-11-14 10:36 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-11-14 10:36:37 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)
Upstream patch (931 bytes, patch)
2013-09-11 09:56 UTC, Michal Luscon
no flags Details | Diff

Description Tomas Hoger 2013-07-30 14:25:38 UTC
Description of problem:
A fix for CVE-2012-5643 released via RHSA-2013:0505 as part of Red Hat Enterprise Linux 6.4 introduced a regression to the cachemgr.cgi.  CGI application crashes whenever an attempt is made to make an authenticated connection to a proxy server.

Version-Release number of selected component (if applicable):
squid-3.1.10-18.el6_4

Steps to Reproduce:
1. install squid and httpd
2. open http://localhost/Squid/cgi-bin/cachemgr.cgi
3. enter arbitrary value to the password field and submit
4. see Internal Server Error and httpd error_log containing a crash backtrace starting as:

*** glibc detected *** /usr/lib/squid/cachemgr.cgi: free(): invalid pointer: 0x00ca7260 ***
======= Backtrace: =========
/lib/libc.so.6(+0x70e31)[0x26ee31]
/usr/lib/squid/cachemgr.cgi(+0x87ee)[0xc9b7ee]
/usr/lib/squid/cachemgr.cgi(main+0x7d9)[0xc971a9]
/lib/libc.so.6(__libc_start_main+0xe6)[0x214ce6]
/usr/lib/squid/cachemgr.cgi(+0x1e51)[0xc94e51]

Additional info:
The problem is in tools/cachemgr.cc make_auth_header(), which was modified by the patch to free str64 returned by base64_encode().  However, pointer returned by base64_encode() is a pointer to base64_encode()'s static result[] array, not a dynamically allocate memory (that is difference from squid 3.2 code base).

References:
http://bugs.squid-cache.org/show_bug.cgi?id=3790
http://bazaar.launchpad.net/~squid/squid/3.1/revision/10486
http://bugs.squid-cache.org/show_bug.cgi?id=3881
http://bugs.centos.org/view.php?id=6572

Comment 3 Eliezer Croitoru 2013-07-30 15:43:50 UTC
Squid now is already releasing 3.4.0.1 beta which means that RH is far being just BUG fixes but already late in distributing the latest stable which is 3.3.8.

Eliezer

Comment 5 Tomas Hoger 2013-08-01 19:22:19 UTC
(In reply to Eliezer Croitoru from comment #3)
> Squid now is already releasing 3.4.0.1 beta which means that RH is far being
> just BUG fixes but already late in distributing the latest stable which is
> 3.3.8.

This bug report is about the specific problem.  If you are interesting in other fixes or enhancements from newer upstream squid version, please consider filing separate request with details.

Comment 6 Michal Luscon 2013-09-11 09:56:46 UTC
Created attachment 796320 [details]
Upstream patch

Comment 10 Eliezer Croitoru 2013-09-20 01:31:04 UTC
(In reply to Michal Luscon from comment #6)
> Created attachment 796320 [details]
> Upstream patch

This patch was tested in the newer version of squid.
I do not know how it goes inside RH but, this patch means there is an update to the RPM?

Eliezer

Comment 11 Ondrej Vasik 2013-09-20 07:54:58 UTC
Once it gets through the internal testing, there will be an updated oficially supported rpm available.


Note You need to log in before you can comment on or make changes to this bug.