1 files changed, 51 insertions, 0 deletions

diff --git a/network/squid/patches/squid-3.4-13232.patch b/network/squid/patches/squid-3.4-13232.patch
new file mode 100644
index 0000000000..442c34b16f
--- /dev/null
+++ b/network/squid/patches/squid-3.4-13232.patch
@@ -0,0 +1,51 @@
+------------------------------------------------------------
+revno: 13232
+revision-id: squid3@treenet.co.nz-20160330141410-t6p2dhzr8ri36fap
+parent: squid3@treenet.co.nz-20160220150859-3unryicod1rcx9rm
+author: Yuriy M. Kaminskiy <yumkam@gmail.com>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.4
+timestamp: Thu 2016-03-31 03:14:10 +1300
+message:
+  pinger: Fix buffer overflow in Icmp6::Recv
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160330141410-t6p2dhzr8ri36fap
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# testament_sha1: e404755509c03ec58c0c293552a7f2a579810fd3
+# timestamp: 2016-03-30 14:51:02 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# base_revision_id: squid3@treenet.co.nz-20160220150859-\
+#   3unryicod1rcx9rm
+# 
+# Begin patch
+=== modified file 'src/icmp/Icmp6.cc'
+--- src/icmp/Icmp6.cc	2014-09-15 05:06:14 +0000
++++ src/icmp/Icmp6.cc	2016-03-30 14:14:10 +0000
+@@ -277,7 +277,7 @@
+     #define ip6_hops	// HOPS!!!  (can it be true??)
+ 
+         ip = (struct ip6_hdr *) pkt;
+-        pkt += sizeof(ip6_hdr);
++        NP: echo size needs to +sizeof(ip6_hdr);
+ 
+     debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
+     		", ip6_plen=" << ip->ip6_plen <<
+@@ -288,7 +288,6 @@
+     */
+ 
+     icmp6header = (struct icmp6_hdr *) pkt;
+-    pkt += sizeof(icmp6_hdr);
+ 
+     if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
+ 
+@@ -313,7 +312,7 @@
+         return;
+     }
+ 
+-    echo = (icmpEchoData *) pkt;
++    echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
+ 
+     preply.opcode = echo->opcode;
+ 
+