On Wed, 04 Jan 2012 20:30:35 +0100, Bram wrote:
Hi,
Some questions about bug 3113 and squid-3.0.STABLE26
http://bugs.squid-cache.org/show_bug.cgi?id=3113
"Squid can eat far too much memory when uploading files."
a) Does anyone have a backport for this bug to squid-3.0?
The fix is commited on squid-3.1 and squid-3.2 but a patch does not
appear to be avaiable
for squid-3.0.
3.0 is obsolete and this is a minor DoS vulnerability only opened as a
vulnerability at all by recent browser changes.
If you can verify that the port works without additional side effects
I'm happy to apply it to the 3.0 branch for a snapshot update.
b) Assuming the answer to question 'a)' is no:
Is anyone able/willing to review the attached patch?
This is a backport (or at least an attmept) to squid-3.0.
The 'patch' is based on:
* http://bugs.squid-cache.org/attachment.cgi?id=2327 - "Possible fix,
fourth iteration"
* http://bazaar.launchpad.net/~squid/squid/3.1/revision/10171 - "Bug
3113: Squid can eat far too much memory when uploading files"
[I obviously tested this and everything appears to be working but a
review would be appreciated]
Seems okay for the bits it is changing. It is missing the cache_cf.cc
config file input validation hunk which can be seen at the top of the
bzr patch though.
I have not reviewed for reads in 3.0 which need to have the
makeSpaceAvailable() check added.
Amos
