Squid's ICAP implementation lacks a defer check when reading from the ICAP server

2007-12-12T00:00:00
ID SECURITYVULNS:DOC:18622
Type securityvulns
Reporter Securityvulns
Modified 2007-12-12T00:00:00

Description

Squid's ICAP implementation does not check the mem-store size before reading from an ICAP server. If the user does not confirm the browser's download message box, Squid keeps reading data from the ICAP server into the memory store while no more data can be delivered to the client. The memory store therefore keeps growing, and Squid may, in the worst case, consume memory up to the size of the user's download. Details and a patch can be found at
http://www.squid-cache.org/bugs/show_bug.cgi?id=2136

--
Martin Huter, Unit Manager
phion AG, Eduard-Bodem-Gasse 1, A-6020 Innsbruck

Tel: +43 (0) 508 100
Fax: +43 (0) 508 100 20
Mail: m.huter@phion.com
Web: http://www.phion.com

phion AG
Chairman of the Supervisory Board: Dr. Karl Lamprecht
Executive Board: Dr. Wieland Alge, Mag. Gunter Klausner
Registered office: 6020 Innsbruck, Austria
Commercial Court Innsbruck, company register: 184392s
VAT ID: ATU47509003
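
The effect of the missing defer check described above, as an added C++ simulation that is neither Squid source nor the patch from the bug report: a relay reads from an ICAP server while the client accepts nothing, once without and once with a check on undelivered bytes. All names, the chunk size, the limit and the stall length are assumptions chosen for illustration.

```cpp
// Added illustration, not Squid source. All names and sizes are hypothetical.
#include <algorithm>
#include <cstddef>
#include <cstdio>

struct Relay {
    std::size_t buffered = 0;     // bytes in the memory store not yet sent to the client
    std::size_t peak = 0;         // high-water mark of buffered
    std::size_t max_undelivered;  // assumed limit on undelivered bytes
    bool defer_check;             // false models the behaviour the advisory reports

    Relay(std::size_t limit, bool check) : max_undelivered(limit), defer_check(check) {}

    // The defer check: skip this read while the client is too far behind.
    bool shouldDeferRead() const { return defer_check && buffered >= max_undelivered; }

    void readFromServer(std::size_t &remaining, std::size_t chunk) {
        if (shouldDeferRead()) return;
        std::size_t n = std::min(chunk, remaining);
        if (defer_check) n = std::min(n, max_undelivered - buffered);
        remaining -= n;
        buffered += n;
        peak = std::max(peak, buffered);
    }

    // window is 0 while the download dialog is unanswered.
    void writeToClient(std::size_t window) { buffered -= std::min(window, buffered); }
};

// Peak memory-store size for a download of total bytes when the client accepts
// nothing for the first stalled_passes event-loop passes, then drains normally.
std::size_t peakMemory(std::size_t total, int stalled_passes, bool defer_check) {
    const std::size_t chunk = 4096, limit = 16384;  // constructed sample sizes
    Relay relay(limit, defer_check);
    std::size_t remaining = total;
    for (int pass = 0; remaining > 0 || relay.buffered > 0; ++pass) {
        relay.readFromServer(remaining, chunk);
        relay.writeToClient(pass < stalled_passes ? 0 : chunk);
    }
    return relay.peak;
}

int main() {
    const std::size_t total = 1048576;  // constructed 1 MiB download
    std::printf("no defer check: peak %zu bytes\n", peakMemory(total, 1000, false));
    std::printf("defer check:    peak %zu bytes\n", peakMemory(total, 1000, true));
    return 0;
}
```

Without the check the peak equals the full download size; with it the peak stays at the configured limit regardless of how long the client stalls.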