From $URL:

c-icap Server contains a flaw in the parse_request() function of request.c that may allow a remote denial of service. The issue is triggered when the buffer fails to contain a ' ' or '?' symbol, which will cause the end pointer to increase and surpass allocated memory. With a specially crafted request (e.g. via the OPTIONS method), a remote attacker can cause a loss of availability for the program.

EOF

All versions are vulnerable. Currently, we don't have an official upgrade from the vendor. However, I want to propose the patch that corrects this issue:

--- c-icap-0.2.2.orig/request.c 2013-02-03 16:37:43.000000000 +0000 +++ c-icap-02.2/request.c 2012-06-19 12:55:51.000000000 +0000 @@ -267,7 +267,7 @@ req->req_server[servnamelen] = '\0'; if (*end == '/') { /*service */ start = ++end; - while (*end != ' ' && *end != '?') + while (*end != '\0' && *end != ' ' && *end != '?') end++; len = end - start; if (len > 0) {
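Review bot: the added `*end != '\0'` test in the `while` condition only stops the scan if the request buffer is guaranteed to be NUL-terminated, and nothing in the visible lines shows where that terminator is written; please point to it in the description or bound `end` against the number of bytes actually read as well. Related, when the loop now exits on '\0', `len = end - start` can still be greater than 0, so a request line that ended before any ' ' or '?' is accepted as a complete service name; consider treating that case as a parse error instead. Minor: the header paths differ (`c-icap-0.2.2.orig` against `c-icap-02.2`), which looks like a typo worth fixing when the diff is regenerated.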
*** Bug 455316 has been marked as a duplicate of this bug. ***
Thanks for the report, Petr.
@maintainers: does the proposed patch seem reasonable?
Upstream has patched this in line 299 with a slightly more intrusive approach: http://sourceforge.net/p/c-icap/code/HEAD/tree/c-icap-server/trunk/c-icap/request.c

As \0 leads to false, this includes the behavior from the patch Petr suggests.

This is _not_ part of their 0.2.6 release: http://sourceforge.net/p/c-icap/code/HEAD/tree/c-icap-server/tags/c_icap_0_2_6/request.c

So, I have decided to bump to 0.2.6 and backport line 299 from trunk in a patch.

+ 08 Oct 2013; Tom Wijsman <TomWij@gentoo.org> +c-icap-0.2.6.ebuild, + +files/c-icap-0.2.6-fix-icap-parsing.patch: + Version bump to 0.2.6, patch DoS due to patching bug for security bug #455324; + removal of forced openrc dependency.

Arch teams: Please stabilize net-proxy/c-icap-0.2.6, target: amd64 x86

Feel free to remove the older versions once stabilization succeeded. If you can't properly test it (I can't); please wait for flameeyes to do so, or in absence please consider to apply the patch against an earlier version then.
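The service-name scan this thread is about, written with an explicit length bound, as an added example that is not c-icap's code and not the patch from either comment above. `parse_service` and `check` are hypothetical names, the request lines are constructed, and rejecting input that ends before a delimiter is a choice made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not c-icap's API. buf points at the '/' that starts
 * the service part of an ICAP URI and holds len valid bytes (no NUL needed).
 * Returns the service-name length, or -1 if malformed, truncated or too long. */
static int parse_service(const char *buf, size_t len, char *out, size_t outsz)
{
    const char *end = buf + len;            /* one past the last valid byte */
    const char *start, *p;
    size_t n;

    if (len == 0 || buf[0] != '/' || outsz == 0)
        return -1;
    start = p = buf + 1;
    /* Every dereference is guarded by p < end, so input with neither ' ' nor
     * '?' stops at the buffer edge instead of walking past it. */
    while (p < end && *p != '\0' && *p != ' ' && *p != '?')
        p++;
    /* Choice made for this example: input that ends before a delimiter is
     * rejected, not treated as a complete service name. */
    if (p == end || *p == '\0')
        return -1;
    n = (size_t)(p - start);
    if (n >= outsz)
        return -1;
    memcpy(out, start, n);
    out[n] = '\0';
    return (int)n;
}

/* Returns 1 if the first len bytes of src yield service name want
 * (want == NULL means the input must be rejected), else 0. */
static int check(const char *src, size_t len, const char *want)
{
    char name[16];
    int n = parse_service(src, len, name, sizeof name);
    if (want == NULL)
        return n == -1;
    return n == (int)strlen(want) && strcmp(name, want) == 0;
}

int main(void)
{
    const char *line = "/echo ICAP/1.0";    /* constructed sample input */
    /* Full line parses; the same bytes cut to 5 ("/echo") are rejected. */
    printf("%d %d\n", check(line, strlen(line), "echo"), check(line, 5, NULL));
    return 0;
}
```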
amd64 stable
Arches, please test and mark stable:
=net-proxy/c-icap-0.2.6
Target keywords : "amd64 x86"

Note: URL Removed from Whiteboard: http://sourceforge.net/p/c-icap/code/1018/
x86 stable
GLSA Vote: Yes
Maintainer(s), please drop the vulnerable version(s).
YES too, request filed.
Maintainer timeout, cleanup done.
This issue was resolved and addressed in GLSA 201409-07 at http://security.gentoo.org/glsa/glsa-201409-07.xml by GLSA coordinator Kristian Fiskerstrand (K_F).