Fixes the following security issue:
- SQUID-2020:12 Out-Of-Bounds memory access in WCCPv2
(CVE-2021-28116 aka ZDI-CAN-11610)
Due to an out of bounds memory access Squid is vulnerable to an
information leak vulnerability when processing WCCPv2 messages.
This problem allows a WCCPv2 sender to corrupt Squids list of
known WCCP routers and divert client traffic to attacker
controlled routers.
This attack is limited to Squid proxy with WCCPv2 enabled and
IP spoofing of a router IP address configured as trusted in
squid.conf.
For more details, see the advisory:
http://lists.squid-cache.org/pipermail/squid-announce/2021-October/000136.html
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
6263c1f9a9