Package: squid3 / 3.4.8-6+deb8u5

41-squid-3.4-13239-CVE-2016-4554.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
Origin: upstream, http://bazaar.launchpad.net/~squid/squid/3.4/revision/13239

=== modified file 'src/mime_header.cc'
--- a/src/mime_header.cc
+++ b/src/mime_header.cc
@@ -58,10 +58,13 @@
 
     debugs(25, 5, "mime_get_header: looking for '" << name << "'");
 
-    for (p = mime; *p; p += strcspn(p, "\n\r")) {
-        if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
+    for (p = mime; *p; p += strcspn(p, "\n")) {
+        if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
+        if (*p == '\n')
+            ++p;
+
         if (strncasecmp(p, name, namelen))
             continue;