git.ipfire.org Git - thirdparty/squid.git/commit

]> git.ipfire.org Git - thirdparty/squid.git/commit

projects / thirdparty / squid.git / commit

author	Amos Jeffries <squid3@treenet.co.nz>
	Wed, 3 Aug 2011 12:35:41 +0000 (06:35 -0600)
committer	Amos Jeffries <squid3@treenet.co.nz>
	Wed, 3 Aug 2011 12:35:41 +0000 (06:35 -0600)
commit	fe97983f87b43eaf1a8df370fd1c40d2ba404bdb
tree	9e58e4151e4d37a5cd62b8b6b919877d0dc1047f	tree
parent	7e8c4ee9f88657e5ccd595b344eb81efc4ac10b9	commit \| diff

Bug 3243: CVE-2009-0801 Bypass of browser same-origin access control in intercepted communication

Add a verify step between header parsing and http_access to validate that the
Host: header matches the URL for forward-proxied traffic or the destination
IP:port for intercepted traffic.

This is part 1 of the CVE protections. The validation step required to detect
forgery and protect against cache poisoning.

src/ClientRequestContext.h		diff \| blob \| blame \| history
src/client_side_request.cc		diff \| blob \| blame \| history

Mirror of https://github.com/squid-cache/squid.git

RSS Atom