]> git.ipfire.org Git - thirdparty/squid.git/commitdiff
projects / thirdparty / squid.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1f1eee3)
Prevent %O use by deny_info leading to header smuggling
authorAmos Jeffries <squid3@treenet.co.nz>
Sun, 17 Apr 2016 11:49:54 +0000 (23:49 +1200)
committerAmos Jeffries <squid3@treenet.co.nz>
Sun, 17 Apr 2016 11:49:54 +0000 (23:49 +1200)
src/errorpage.cc patch | blob | blame | history

diff --git a/src/errorpage.cc b/src/errorpage.cc
index bf09a013005f4d928a843fbc02d074217cf71014..200af2a30ed50feb6cedaadef7c6a3ae7ac59964 100644 (file)
--- a/src/errorpage.cc
+++ b/src/errorpage.cc
@@ -928,7 +928,8 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion
         break;
 
     case 'O':
-        do_quote = 0;
+        if (!building_deny_info_url)
+            do_quote = 0;
     case 'o':
         p = request ? request->extacl_message.termedBuf() : external_acl_message;
         if (!p && !building_deny_info_url)
Mirror of https://github.com/squid-cache/squid.git