Red Hat Bugzilla – Bug 990186
squid: cachemgr regression introduced in RHSA-2013:0505
Last modified: 2013-11-14 05:36:37 EST
Description of problem:
A fix for CVE-2012-5643 released via RHSA-2013:0505 as part of Red Hat Enterprise Linux 6.4 introduced a regression to the cachemgr.cgi. CGI application crashes whenever an attempt is made to make an authenticated connection to a proxy server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install squid and httpd
2. open http://localhost/Squid/cgi-bin/cachemgr.cgi
3. enter arbitrary value to the password field and submit
4. see Internal Server Error and httpd error_log containing a crash backtrace starting as:
*** glibc detected *** /usr/lib/squid/cachemgr.cgi: free(): invalid pointer: 0x00ca7260 ***
======= Backtrace: =========
The problem is in tools/cachemgr.cc make_auth_header(), which was modified by the patch to free str64 returned by base64_encode(). However, pointer returned by base64_encode() is a pointer to base64_encode()'s static result array, not a dynamically allocate memory (that is difference from squid 3.2 code base).
Squid now is already releasing 22.214.171.124 beta which means that RH is far being just BUG fixes but already late in distributing the latest stable which is 3.3.8.
(In reply to Eliezer Croitoru from comment #3)
> Squid now is already releasing 126.96.36.199 beta which means that RH is far being
> just BUG fixes but already late in distributing the latest stable which is
This bug report is about the specific problem. If you are interesting in other fixes or enhancements from newer upstream squid version, please consider filing separate request with details.
Created attachment 796320 [details]
(In reply to Michal Luscon from comment #6)
> Created attachment 796320 [details]
> Upstream patch
This patch was tested in the newer version of squid.
I do not know how it goes inside RH but, this patch means there is an update to the RPM?
Once it gets through the internal testing, there will be an updated oficially supported rpm available.