File: 0008-upstream-ab5cf0c36b538627c82b3989d6c87d1668c7e081.patch

package info (click to toggle)
squid 7.2-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 33,440 kB
  • sloc: cpp: 184,513; ansic: 12,442; sh: 5,688; makefile: 5,247; perl: 2,560; sql: 326; python: 240; awk: 141; sed: 1
file content (56 lines) | stat: -rw-r--r-- 2,716 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
 
Description: Fix ERR_INVALID_URL for CONNECT host with leading digit
  Squid 7.2 commit b8337359 added validation of host names
  following RFC 1035 requirements. But those requirements were
  outdated by RFC 1123:

  One aspect of host name syntax is hereby changed: the
  restriction on the first character is relaxed to allow either a
  letter or a digit.  Host software MUST support this more liberal
  syntax.

  The commit treated CONNECT host names that start with a decimal digit
  as invalid IPv4 addresses and rejected the corresponding requests,
  resulting in HTTP 404 errors. Undo that change.

  We have considered preserving code that detects valid IPv4 addresses (as
  opposed to treating all non-IPv6 input as an "IPv4 address or reg-name"
  without disambiguating the two cases) because its pieces may be reused,
  but that essentially unused code has non-trivial performance penalty and
  final code may look quite different after we complete our "non-CONNECT
  uri-host parsing code" migration TODO. Polished source code comments
  aside, this change reverts 2025 commit b8337359 and restores 2023
  AnyP::Uri::parseHost() implementation (commit 963ff143).
Author: Alex Rousskov <rousskov@measurement-factory.com>
Origin: upstream
---
This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
Index: pkg-squid/src/anyp/Uri.cc
===================================================================
--- pkg-squid.orig/src/anyp/Uri.cc	2025-10-23 19:14:06.576794642 +0200
+++ pkg-squid/src/anyp/Uri.cc	2025-10-23 19:14:30.192200129 +0200
@@ -637,23 +637,11 @@
 
     // no brackets implies we are looking at IPv4address or reg-name
 
-    static const CharacterSet IPv4chars = CharacterSet("period", ".") + CharacterSet::DIGIT;
-    SBuf ipv4ish; // IPv4address-ish
-    if (tok.prefix(ipv4ish, IPv4chars)) {
-        // This rejects non-IP addresses that our caller would have
-        // otherwise mistaken for a domain name (e.g., '127.0.0' or '1234.5').
-        Ip::Address ipCheck;
-        if (!ipCheck.fromHost(ipv4ish.c_str()))
-            throw TextException("malformed IP address in uri-host", Here());
-
-        return ipv4ish;
-    }
-
-    // XXX: This code does not detect/reject some bad host values (e.g. "!#$%&").
+    // XXX: This code does not detect/reject some bad host values (e.g. `!#$%&`).
     // TODO: Add more checks here, after migrating the
     // non-CONNECT uri-host parsing code to use us.
 
-    SBuf otherHost; // IPv4address-ish or reg-name-ish;
+    SBuf otherHost; // IPv4address-ish or reg-name-ish
     // ":" is not in TCHAR so we will stop before any port specification
     if (tok.prefix(otherHost, CharacterSet::TCHAR))
         return otherHost;