Hi,

Please find the NMU diff attached.

Cheers,
Steffen
diff -u squid3-3.1.6/debian/changelog squid3-3.1.6/debian/changelog
--- squid3-3.1.6/debian/changelog
+++ squid3-3.1.6/debian/changelog
@@ -1,3 +1,11 @@
+squid3 (3.1.6-1.1) unstable; urgency=high
+
+  * Non-maintainer upload by the security team
+  * Fix DoS due to wrong string handling (Closes: #596086)
+    Fixes: CVE-2010-3072
+
+ -- Steffen Joeris <wh...@debian.org>  Mon, 13 Sep 2010 17:07:51 +1000
+
 squid3 (3.1.6-1) unstable; urgency=low
 
   * New upstream release
diff -u squid3-3.1.6/debian/patches/00list squid3-3.1.6/debian/patches/00list
--- squid3-3.1.6/debian/patches/00list
+++ squid3-3.1.6/debian/patches/00list
@@ -3,0 +4 @@
+16-CVE-2010-3072
only in patch2:
unchanged:
--- squid3-3.1.6.orig/debian/patches/16-CVE-2010-3072.dpatch
+++ squid3-3.1.6/debian/patches/16-CVE-2010-3072.dpatch
@@ -0,0 +1,123 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+
+...@dpatch@
+--- ../old/squid3-3.1.6/src/SquidString.h	2010-08-02 00:01:39.000000000 +1000
++++ squid3-3.1.6/src/SquidString.h	2010-09-13 17:00:17.000000000 +1000
+@@ -167,6 +167,8 @@
+     void allocBuffer(size_type sz);
+     void setBuffer(char *buf, size_type sz);
+ 
++    _SQUID_INLINE_ bool nilCmp(bool, bool, int &) const;
++
+     /* never reference these directly! */
+     size_type size_; /* buffer size; 64K limit */
+ 
+--- ../old/squid3-3.1.6/src/String.cci	2010-08-02 00:01:37.000000000 +1000
++++ squid3-3.1.6/src/String.cci	2010-09-13 17:05:43.000000000 +1000
+@@ -88,19 +88,31 @@
+ }
+ 
+ 
+-int
+-String::cmp (char const *aString) const
++/// compare NULL and empty strings because str*cmp() may fail on NULL strings
++/// and because we need to return consistent results for strncmp(count == 0).
++bool
++String::nilCmp(const bool thisIsNilOrEmpty, const bool otherIsNilOrEmpty, int &result) const
+ {
+-    /* strcmp fails on NULLS */
++    if (!thisIsNilOrEmpty && !otherIsNilOrEmpty)
++        return false; // result does not matter
+ 
+-    if (size() == 0 && (aString == NULL || aString[0] == '\0'))
+-        return 0;
++    if (thisIsNilOrEmpty && otherIsNilOrEmpty)
++        result = 0;
++    else if (thisIsNilOrEmpty)
++        result = -1;
++    else // otherIsNilOrEmpty
++        result = +1;
++
++    return true;
++}
+ 
+-    if (size() == 0)
+-        return -1;
+ 
+-    if (aString == NULL || aString[0] == '\0')
+-        return 1;
++int
++String::cmp (char const *aString) const
++{
++    int result = 0;
++    if (nilCmp(!size(), (!aString || !*aString), result))
++        return result;
+ 
+     return strcmp(termedBuf(), aString);
+ }
+@@ -108,19 +120,10 @@
+ int
+ String::cmp (char const *aString, String::size_type count) const
+ {
+-    /* always the same at length 0 */
+-
+-    if (count == 0)
+-        return 0;
++    int result = 0;
++    if (nilCmp((!size() || !count), (!aString || !*aString || !count), result))
++        return result;
+ 
+-    if (size() == 0 && (aString == NULL || aString[0] == '\0'))
+-        return 0;
+-
+-    if (size() == 0)
+-        return -1;
+-
+-    if (aString == NULL || aString[0] == '\0')
+-        return 1;
+ 
+     return strncmp(termedBuf(), aString, count);
+ }
+@@ -128,16 +131,10 @@
+ int
+ String::cmp (String const &aString) const
+ {
+-    /* strcmp fails on NULLS */
+-
+-    if (size() == 0 && aString.size() == 0)
+-        return 0;
+-
+-    if (size() == 0)
+-        return -1;
++    int result = 0;
++    if (nilCmp(!size(), !aString.size(), result))
++        return result;
+ 
+-    if (aString.size() == 0)
+-        return 1;
+ 
+     return strcmp(termedBuf(), aString.termedBuf());
+ }
+@@ -145,12 +142,22 @@
+ int
+ String::caseCmp(char const *aString) const
+ {
++    int result = 0;
++    if (nilCmp(!size(), (!aString || !*aString), result))
++        return result;
++
++
+     return strcasecmp(termedBuf(), aString);
+ }
+ 
+ int
+ String::caseCmp(char const *aString, String::size_type count) const
+ {
++    int result = 0;
++    if (nilCmp((!size() || !count), (!aString || !*aString || !count), result))
++        return result;
++
++
+     return strncasecmp(termedBuf(), aString, count);
+ }
+ 
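Review bot: The doc comment on `String::nilCmp` in the String.cci hunk explains why the helper exists but not its contract, and all five callers (three `cmp` overloads, two `caseCmp` overloads) depend on that contract: `true` means `result` already holds the final answer, `false` means `result` was left untouched and the caller must go on to `str*cmp()`. I would add a third line such as `/// \return true if either side is nil/empty and result was set; false if the caller must compare the buffers`. The two count-limited overloads repeat the same guard, `nilCmp((!size() || !count), (!aString || !*aString || !count), result)`, and `caseCmp` had no nil check at all before this change, so a short comment at those call sites that `count == 0` must compare equal would help keep them from drifting apart. The patch carries no regression test; a case comparing an empty String against NULL, "" and a non-empty argument for each overload would pin the behaviour this fix establishes.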
