Squid-2.2.STABLE3: Verify object meta-data on swap-in A additional safeguard to protect Squid from cache pollution/corruption. This patch verifies that the swapped in object matches the URL, if not then the object is discarded. This also fixes a potential false-object-hit introduced by Squids hashed store keys.
Index: squid/src/store_client.c
diff -u squid/src/store_client.c:1.1.1.19 squid/src/store_client.c:1.1.1.19.2.1
--- squid/src/store_client.c:1.1.1.19 Wed May 19 23:27:22 1999
+++ squid/src/store_client.c Thu May 20 01:00:18 1999
@@ -361,7 +361,8 @@
 int swap_hdr_sz = 0;
 size_t body_sz;
 size_t copy_sz;
- tlv *tlv_list;
+ tlv *tlv_list, *t;
+ int swap_object_ok = 1;
 assert(sc->flags.disk_io_pending);
 sc->flags.disk_io_pending = 0;
 assert(sc->callback != NULL);
@@ -380,10 +381,38 @@
 return;
 }
 /*
- * XXX Here we should check the meta data and make sure we got
- * the right object.
+ * Check the meta data and make sure we got the right object.
 */
+ for (t = tlv_list; t; t = t->next) {
+ switch(t->type) {
+#if 0 /* Probably not a good idea.. may race with other requests making this object private.. */
+ case STORE_META_KEY:
+ assert(t->length == MD5_DIGEST_CHARS);
+ if (memcmp(t->value, e->key, MD5_DIGEST_CHARS) != 0) {
+ debug(20, 1) ("storeClientReadHeader: Swap object key does not match\n");
+ swap_object_ok = 0;
+ break;
+ }
+ break;
+#endif
+ case STORE_META_URL:
+ if (mem->url) {
+ if (strcasecmp(mem->url, t->value) != 0) {
+ debug(20, 1) ("storeClientReadHeader: Swap object URL does not match, %s != %s\n", t->value, mem->url);
+ swap_object_ok = 0;
+ break;
+ }
+ }
+ break;
+ }
+ }
 storeSwapTLVFree(tlv_list);
+ if (!swap_object_ok) {
+ debug(20, 1) ("storeClientReadHeader: Swap object does not match meta data\n");
+ sc->callback = NULL;
+ callback(sc->callback_data, sc->copy_buf, -1);
+ return;
+ }
 mem->swap_hdr_sz = swap_hdr_sz;
 mem->object_sz = e->swap_file_sz - swap_hdr_sz;
 /*
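Review bot: The STORE_META_URL case hands `t->value` to `strcasecmp()` and to the `%s` in `debug()` without checking `t->length` or NUL termination, even though this data comes from the swap file the patch treats as possibly corrupt; the disabled STORE_META_KEY case at least asserts its length. Whether the unpacking code guarantees termination is not visible in this hunk, so a guard such as `if (t->length == 0 || ((char *) t->value)[t->length - 1] != '\0') { swap_object_ok = 0; break; }` ahead of the compare would make that explicit. The comparison is also case-insensitive, so two URLs that differ only in path case are accepted as the same object; `strcmp()` would be the stricter check if stored URLs are already canonical. A TLV list with no STORE_META_URL entry, or a NULL `mem->url`, leaves `swap_object_ok` at 1 and the object is accepted unverified, which the comment above the loop should state. The function's body starts and ends outside the hunk.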