SHARE
TWEET

squid_forgery.patch

punces Nov 16th, 2016 237 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. --- src/client_side_request.cc  2014-03-09 06:40:56.000000000 -0300
  2. +++ src/client_side_request.cc  2014-04-21 02:53:11.277155130 -0300
  3. @@ -545,6 +545,16 @@
  4.              }
  5.              debugs(85, 3, HERE << "validate IP " << clientConn->local << " non-match from Host: IP " << ia->in_addrs[i]);
  6.          }
  7. +
  8. +        if (true) {
  9. +            unsigned short port = clientConn->local.port();
  10. +            debugs(85, 3, HERE << "[anti-forgery] Host-non-matched remote IP (" << clientConn->local << ") was replaced with the first Host resolved IP (" << ia->in_addrs[0] << ":" << clientConn->local.port() << ")");
  11. +            clientConn->local = ia->in_addrs[0];
  12. +            clientConn->local.port(port);
  13. +            http->request->flags.hostVerified = true;
  14. +            http->doCallouts();
  15. +            return;
  16. +        }
  17.      }
  18.      debugs(85, 3, HERE << "FAIL: validate IP " << clientConn->local << " possible from Host:");
  19.      hostHeaderVerifyFailed("local IP", "any domain IP");
RAW Paste Data
Top