polipo crashes when server reply contains "Cache-Control: max-age"

Related Vulnerabilities: CVE-2009-3305, CVE-2009-4413

Debian Bug report logs - #547047

Package: polipo; Maintainer for polipo is Debian QA Group <packages@qa.debian.org>; Source for polipo is src:polipo.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Wed, 16 Sep 2009 21:51:01 UTC

Severity: grave

Tags: patch

Found in version polipo/1.0.4-1

Fixed in versions polipo/1.0.4-1.1, polipo/1.0.4-1+lenny1, polipo/1.0.4.1-1

Done: Erinn Clark <erinn@torproject.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, fechiny@gmail.com (Denis V. Sirotkin):
Bug#547047; Package polipo. (Wed, 16 Sep 2009 21:51:04 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to fechiny@gmail.com (Denis V. Sirotkin). (Wed, 16 Sep 2009 21:51:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: polipo crashes when server reply contains "Cache-Control: max-age"
Date: Wed, 16 Sep 2009 23:37:33 +0200
[Message part 1 (text/plain, inline)]
Package: polipo
Version: 1.0.4-1
Severity: grave
Tags: patch
Justification: renders package unusable

When polipo receives a "Cache-Control: max-age" line without a value,
it logs a parsing error but then continues to use the not-parsed value,
resulting in a segfault. It does this in several places in http_parse.c.
I have attached a stacktrace and patch that seems to
work for me. You should check that I have not missed an occurrence of the
same error.

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/dash

Versions of packages polipo depends on:
ii  libc6                         2.9-26     GNU C Library: Shared libraries

polipo recommends no packages.

polipo suggests no packages.

-- no debconf information
[polipo.patch (text/plain, attachment)]
[polipo.stacktrace (text/plain, attachment)]
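
The failure mode described in message #5 (a parse error that is logged but not acted on), as an added example that is not part of the original report and is not polipo's code. `find_directive`, `max_age_flawed`, `max_age_checked` and `WOULD_CRASH` are hypothetical names, and the crash site is replaced by a sentinel so the block stays runnable.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define WOULD_CRASH LONG_MIN  /* stand-in for the NULL dereference */

/* Hypothetical helper, not polipo's http_parse.c. Looks up directive `name`
   in a Cache-Control value: returns 1 and points *val at the text after '='
   when a value is present, 0 when the directive is absent, and -1 (with
   *val left NULL) when it appears without a value. Case-sensitive for brevity. */
static int find_directive(const char *hdr, const char *name, const char **val) {
    size_t n = strlen(name);
    *val = NULL;
    for (const char *p = hdr; *p; ) {
        p += strspn(p, ", \t");
        size_t len = strcspn(p, ",");
        if (len >= n && strncmp(p, name, n) == 0) {
            if (p[n] == '=' && len > n + 1) { *val = p + n + 1; return 1; }
            if (len == n || p[n] == '=' || p[n] == ' ' || p[n] == '\t') return -1;
        }
        p += len;
    }
    return 0;
}

/* Flawed pattern: the parse error is logged, then the value is used anyway. */
long max_age_flawed(const char *hdr) {
    const char *val;
    if (find_directive(hdr, "max-age", &val) == 0) return -1;
    if (val == NULL)
        fprintf(stderr, "Couldn't parse Cache-Control: %s\n", hdr); /* no return */
    if (val == NULL) return WOULD_CRASH; /* real code would read *val here */
    return strtol(val, NULL, 10);
}

/* Hardened: a parse failure ends handling of the directive. Returns the age
   in seconds, or -1 when max-age is absent, valueless or not a number. */
long max_age_checked(const char *hdr) {
    const char *val;
    char *end;
    if (find_directive(hdr, "max-age", &val) != 1) return -1;
    errno = 0;
    long age = strtol(val, &end, 10);
    if (end == val || errno == ERANGE || age < 0) return -1;
    end += strspn(end, " \t");
    return (*end == '\0' || *end == ',') ? age : -1;
}
```

The same rule applies to every other directive that takes a value: the error branch has to stop processing, not just log.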

Information forwarded to debian-bugs-dist@lists.debian.org, fechiny@gmail.com (Denis V. Sirotkin):
Bug#547047; Package polipo. (Mon, 21 Sep 2009 18:45:20 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to fechiny@gmail.com (Denis V. Sirotkin). (Mon, 21 Sep 2009 18:45:20 GMT)


Message #10 received at 547047@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: 547047@bugs.debian.org
Subject: intend to NMU
Date: Mon, 21 Sep 2009 20:33:48 +0200
I intend to do a NMU for this issue in a few days.




Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Wed, 23 Sep 2009 20:15:22 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Wed, 23 Sep 2009 20:15:22 GMT)


Message #15 received at 547047-close@bugs.debian.org:

From: Stefan Fritsch <sf@debian.org>
To: 547047-close@bugs.debian.org
Subject: Bug#547047: fixed in polipo 1.0.4-1.1
Date: Wed, 23 Sep 2009 19:47:26 +0000
Source: polipo
Source-Version: 1.0.4-1.1

We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:

polipo_1.0.4-1.1.diff.gz
  to pool/main/p/polipo/polipo_1.0.4-1.1.diff.gz
polipo_1.0.4-1.1.dsc
  to pool/main/p/polipo/polipo_1.0.4-1.1.dsc
polipo_1.0.4-1.1_i386.deb
  to pool/main/p/polipo/polipo_1.0.4-1.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547047@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated polipo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 23 Sep 2009 21:29:43 +0200
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4-1.1
Distribution: unstable
Urgency: medium
Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 polipo     - a small, caching web proxy
Closes: 547047
Changes: 
 polipo (1.0.4-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload for RC bug fix.
   * Fix segfault when server sends Cache-Control: max-age without a value
     (closes: #547047).





Information forwarded to debian-bugs-dist@lists.debian.org, fechiny@gmail.com (Denis V. Sirotkin):
Bug#547047; Package polipo. (Wed, 16 Dec 2009 07:06:03 GMT)


Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
Extra info received and forwarded to list. Copy sent to fechiny@gmail.com (Denis V. Sirotkin). (Wed, 16 Dec 2009 07:06:03 GMT)


Message #20 received at 547047@bugs.debian.org:

From: Stefan Fritsch <sf@sfritsch.de>
To: 547047@bugs.debian.org
Subject: polipo crashes when server reply contains "Cache-Control: max-age"
Date: Wed, 16 Dec 2009 08:03:11 +0100
This is now CVE-2009-3305




Reply sent to Stefan Fritsch <sf@debian.org>:
You have taken responsibility. (Fri, 19 Feb 2010 20:00:05 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Fri, 19 Feb 2010 20:00:05 GMT)


Message #25 received at 547047-close@bugs.debian.org:

From: Stefan Fritsch <sf@debian.org>
To: 547047-close@bugs.debian.org
Subject: Bug#547047: fixed in polipo 1.0.4-1+lenny1
Date: Fri, 19 Feb 2010 19:55:35 +0000
Source: polipo
Source-Version: 1.0.4-1+lenny1

We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:

polipo_1.0.4-1+lenny1.diff.gz
  to main/p/polipo/polipo_1.0.4-1+lenny1.diff.gz
polipo_1.0.4-1+lenny1.dsc
  to main/p/polipo/polipo_1.0.4-1+lenny1.dsc
polipo_1.0.4-1+lenny1_i386.deb
  to main/p/polipo/polipo_1.0.4-1+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547047@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Stefan Fritsch <sf@debian.org> (supplier of updated polipo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 17 Feb 2010 20:31:37 +0100
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4-1+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Denis V. Sirotkin <fechiny@gmail.com>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 polipo     - a small, caching web proxy
Closes: 547047 560779
Changes: 
 polipo (1.0.4-1+lenny1) stable-security; urgency=high
 .
   [ Stefan Fritsch ]
   * Non-maintainer upload by the Security Team.
   * Backport various security related bug fixes from upstream git.
   * Fix segfault when server sends Cache-Control: max-age without a value
     (closes: #547047, CVE-2009-3305).
 .
   [ Andreas Kirschbaum ]
   * Apply upstream commit to fix DoS via overly large "Content-Length"
     header; fixes CVE-2009-4413 (closes: #560779)





Reply sent to Erinn Clark <erinn@torproject.org>:
You have taken responsibility. (Sat, 03 Apr 2010 18:48:05 GMT)


Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. (Sat, 03 Apr 2010 18:48:05 GMT)


Message #30 received at 547047-close@bugs.debian.org:

From: Erinn Clark <erinn@torproject.org>
To: 547047-close@bugs.debian.org
Subject: Bug#547047: fixed in polipo 1.0.4.1-1
Date: Sat, 03 Apr 2010 18:43:44 +0000
Source: polipo
Source-Version: 1.0.4.1-1

We believe that the bug you reported is fixed in the latest version of
polipo, which is due to be installed in the Debian FTP archive:

polipo_1.0.4.1-1.diff.gz
  to main/p/polipo/polipo_1.0.4.1-1.diff.gz
polipo_1.0.4.1-1.dsc
  to main/p/polipo/polipo_1.0.4.1-1.dsc
polipo_1.0.4.1-1_i386.deb
  to main/p/polipo/polipo_1.0.4.1-1_i386.deb
polipo_1.0.4.1.orig.tar.gz
  to main/p/polipo/polipo_1.0.4.1.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 547047@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Erinn Clark <erinn@torproject.org> (supplier of updated polipo package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Wed, 31 Mar 2010 19:26:20 -0700
Source: polipo
Binary: polipo
Architecture: source i386
Version: 1.0.4.1-1
Distribution: unstable
Urgency: low
Maintainer: Erinn Clark <erinn@torproject.org>
Changed-By: Erinn Clark <erinn@torproject.org>
Description: 
 polipo     - a small, caching web proxy
Closes: 481601 547047 574613
Changes: 
 polipo (1.0.4.1-1) unstable; urgency=low
 .
   * New maintainer.
   * New upstream release.
   * Update Standards-Version to 3.8.4.
   * Remove duplicate word in long description (closes: #574613)
   * Remove 30_log-permission patch. (closes: #481601)
   * Remove 40_segfault_max_age.dpatch. (closes: #547047)
   * Remove 50_integer_overflow.dpatch. Fixed upstream.
   * Remove 60_security_fixes.dpatch. Fixed upstream.
   * Put /var/cache/polipo and /var/log/polipo in the .deb and
     stop managing them in postinst and postrm.
   * Remove offline and online options from polipo-control.





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jun 2010 07:37:55 GMT)

