proxy.cgi: Fix for Bug #12826 'squid >=5 crashes on literal IPv6 addresses'
Commit Message
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
---
html/cgi-bin/proxy.cgi | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
Comments
Reviewed-by: Bernhard Bitsch <bbitsch@ipfire.org>
Am 30.09.2022 um 21:05 schrieb Matthias Fischer:
> Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
> ---
> html/cgi-bin/proxy.cgi | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
> index 577d37b93..b4073343e 100644
> --- a/html/cgi-bin/proxy.cgi
> +++ b/html/cgi-bin/proxy.cgi
> @@ -3525,9 +3525,19 @@ END
> $_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
> print FILE $_;
> }
> - print FILE "\n#End of custom includes\n";
> + print FILE "\n#End of custom includes\n\n";
> close (ACL);
> }
> +
> + print FILE <<END
> +# Prevent ipv6 requests to avoid crash in squid > 5.x
> +acl to_ipv6 dst ipv6
> +acl from_ipv6 src ipv6
> +http_access deny to_ipv6
> +http_access deny from_ipv6
> +END
> + ;
> +
> if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
>
> # Check if squidclamav is enabled.
@@ -3525,9 +3525,19 @@ END
$_ =~ s/__PROXY_PORT__/$proxysettings{'PROXY_PORT'}/;
print FILE $_;
}
- print FILE "\n#End of custom includes\n";
+ print FILE "\n#End of custom includes\n\n";
close (ACL);
}
+
+ print FILE <<END
+# Prevent ipv6 requests to avoid crash in squid > 5.x
+acl to_ipv6 dst ipv6
+acl from_ipv6 src ipv6
+http_access deny to_ipv6
+http_access deny from_ipv6
+END
+ ;
+
if ((!-z $extgrp) && ($proxysettings{'AUTH_METHOD'} eq 'ncsa') && ($proxysettings{'NCSA_BYPASS_REDIR'} eq 'on')) { print FILE "\nredirector_access deny for_extended_users\n"; }
# Check if squidclamav is enabled.