Package: squid
Version: 4.6-1+deb10u4
Severity: normal
Tags: upstream
Dear Maintainer,
* What led up to the situation?
Just trying to update a SLES server via our Debian squid proxy fails.
* What exactly did you do (or not do) that was effective (or
ineffective)?
Testing the affected URL without the ;type=i suffix works, or adding a
character immediately before the ;type=i also works.
Looking at the upstream source code of versions 4.11 (I tried back ports)
and 4.13, src/clients/FtpGateway.cc has the following code:
static SBuf str_type_eq("type=");
auto t = request->url.path().rfind(';');
if (t != SBuf::npos) {
auto filenameEnd = t-1;
if (request->url.path().substr(++t).cmp(str_type_eq,
str_type_eq.length()) == 0) {
t += str_type_eq.length();
typecode = (char)xtoupper(request->url.path()[t]);
request->url.path(request->url.path().substr(0,filenameEnd));
}
}
I assume (I am not fluent with C++) that substr expects start and length
(not start and end) and so filenameEnd should be set to t instead fo t-1.
I am sorry that this report is generated on a different machine to the
affected one so the collected system einformation is pretty useless.
The affteced machine is running stable and I also tried the backports
version of squid.
--
Cheers,
Stephen Rothwell
