Package: squid3 / 3.4.8-6+deb8u5

41-squid-3.4-13236-CVE-2016-4554.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
Origin: upstream, http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13236.patch

------------------------------------------------------------
revno: 13236
revision-id: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg
parent: squid3@treenet.co.nz-20160420111514-4hpxglbn9k15l5sa
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.4
timestamp: Mon 2016-05-02 15:42:53 +1200
message:
  Require exact match in Host header name lookup
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: c50f0048991f1b3e797b164cd0af166e3ea6763a
# timestamp: 2016-05-02 03:50:58 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20160420111514-\
#   4hpxglbn9k15l5sa
# 
# Begin patch
=== modified file 'src/mime_header.cc'
--- a/src/mime_header.cc
+++ b/src/mime_header.cc
@@ -62,9 +62,6 @@
         if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
-        while (xisspace(*p))
-            ++p;
-
         if (strncasecmp(p, name, namelen))
             continue;