From e8a9d9d09de9d73a3215b94508cd64fa0bd59699 Mon Sep 17 00:00:00 2001
From: xh
Date: Wed, 26 Jun 2024 02:57:04 +0000
Subject: [PATCH] fix CVE-2024-37894
---
 backport-CVE-2024-37894.patch | 32 ++++++++++++++++++++++++++++++++
 squid.spec | 9 ++++++++-
 2 files changed, 40 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2024-37894.patch
diff --git a/backport-CVE-2024-37894.patch b/backport-CVE-2024-37894.patch
new file mode 100644
index 0000000..e3387be
--- /dev/null
+++ b/backport-CVE-2024-37894.patch
@@ -0,0 +1,32 @@
+From 920563e7a080155fae3ced73d6198781e8b0ff04 Mon Sep 17 00:00:00 2001
+From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com>
+Date: Sun, 2 Jun 2024 14:41:16 +0000
+Subject: [PATCH] Bug 5378: type mismatch in libTrie (#1830)
+
+TrieNode::add() incorrectly computed an offset of an internal data
+structure, resulting in out-of-bounds memory accesses that could cause
+corruption or crashes.
+
+This bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html
+where it was filed as "Buffer Underflow in ESI".
+
+Conflict: NA
+Reference: https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04
+---
+ lib/libTrie/TrieNode.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc
+index 0f991a06d3e..d417e0f5448 100644
+--- a/lib/libTrie/TrieNode.cc
++++ b/lib/libTrie/TrieNode.cc
+@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void *privatedata, TrieChar
+ /* We trust that privatedata and existant keys have already been checked */
+
+ if (theLength) {
+- int index = transform ? (*transform)(*aString): *aString;
++ const unsigned char index = transform ? (*transform)(*aString): *aString;
+
+ if (!internal[index])
+ internal[index] = new TrieNode;
diff --git a/squid.spec b/squid.spec
index 681ca64..35a79b7 100644
--- a/squid.spec
+++ b/squid.spec
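Review bot: The new declaration `const unsigned char index = transform ? (*transform)(*aString): *aString;` in TrieNode::add() fixes the out-of-bounds access only through an implicit narrowing conversion, so nothing at the site tells a later reader why the type matters. I would make the conversion explicit and say why, e.g. `const auto index = static_cast<unsigned char>(transform ? (*transform)(*aString) : *aString);` preceded by `// must be unsigned: a char >= 0x80 is negative where char is signed and would index before internal[]`. The transform is still called with the raw `char`; its definition is outside the hunk, so it is worth confirming that it tolerates negative input before handing it to any <cctype> function. The fix also assumes `internal` has one slot per `unsigned char` value, which is declared outside the hunk, and the body of add() continues past the hunk's last line.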
@@ -2,7 +2,7 @@
 Name: squid
 Version: 4.9
-Release: 20
+Release: 21
 Summary: The Squid proxy caching server
 Epoch: 7
 License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@@ -54,6 +54,7 @@ Patch33:backport-CVE-2023-49286.patch
 Patch34:backport-CVE-2023-50269.patch
 Patch35:backport-CVE-2024-23638.patch
 Patch36:backport-CVE-2024-25617.patch
+Patch37:backport-CVE-2024-37894.patch
 Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -239,6 +240,12 @@ fi
 chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 %changelog
+* Wed Jun 26 2024 xinghe - 7:4.9-21
+- Type:cves
+- ID:CVE-2024-37894
+- SUG:NA
+- DESC:fix CVE-2024-37894
+
 * Tue Feb 20 2024 xinghe - 7:4.9-20
 - Type:cves
 - ID:CVE-2024-25617
--
Gitee
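Review bot: The `Patch37:backport-CVE-2024-37894.patch` line only declares the patch; nothing in this diff touches `%prep`, so whether it is applied depends on a section that is not shown. If `%prep` uses `%autosetup` or `%autopatch` the patch is picked up automatically; otherwise a matching `%patch37 -p1` line is needed. Checking the build log for the lib/libTrie/TrieNode.cc hunk being applied would confirm that the CVE-2024-37894 fix actually ships in 7:4.9-21.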