From db6988b54fceeca5bd11e70d9d284a6160b72055 Mon Sep 17 00:00:00 2001
From: tomcruiseqi <10762123+tomcruiseqi@user.noreply.gitee.com>
Date: Wed, 15 Oct 2025 14:01:36 +0800
Subject: [PATCH] [CVE] CVE-2025-59362

to #26058
add patch to fix CVE-2025-59362
Project: TC2024080204
Signed-off-by: tomcruiseqi <tomcruiseqi@inspur.com>
---
 206-bugfix-for-CVE-2025-59362.patch | 51 +++++++++++++++++++++++++++++
 squid.spec                          |  6 +++-
 2 files changed, 56 insertions(+), 1 deletion(-)
 create mode 100644 206-bugfix-for-CVE-2025-59362.patch

diff --git a/206-bugfix-for-CVE-2025-59362.patch b/206-bugfix-for-CVE-2025-59362.patch
new file mode 100644
index 0000000..b52ee89
--- /dev/null
+++ b/206-bugfix-for-CVE-2025-59362.patch
@@ -0,0 +1,51 @@
+From 250a18e0a80694b919972a1836cdfe20f2e1baa0 Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Sat, 30 Aug 2025 06:49:36 +0000
+Subject: [PATCH] Fix ASN.1 encoding of long SNMP OIDs (#2149)
+
+Conflict: NA
+Reference: http://github.com/squid-cache/squid/commit/250a18e0a80694b919972a1836cdfe20f2e1baa0
+---
+ lib/snmplib/asn1.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/lib/snmplib/asn1.c b/lib/snmplib/asn1.c
+index 81f2051fbe7..2852c26b220 100644
+--- a/lib/snmplib/asn1.c
++++ b/lib/snmplib/asn1.c
+@@ -735,6 +735,7 @@ asn_build_objid(u_char * data, int *datalength,
+      * lastbyte ::= 0 7bitvalue
+      */
+     u_char buf[MAX_OID_LEN];
++    u_char *bufEnd = buf + sizeof(buf);
+     u_char *bp = buf;
+     oid *op = objid;
+     int asnlength;
+@@ -753,6 +754,10 @@ asn_build_objid(u_char * data, int *datalength,
+     while (objidlength-- > 0) {
+         subid = *op++;
+         if (subid < 127) {  /* off by one? */
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = subid;
+         } else {
+             mask = 0x7F;    /* handle subid == 0 case */
+@@ -770,8 +775,16 @@ asn_build_objid(u_char * data, int *datalength,
+                 /* fix a mask that got truncated above */
+                 if (mask == 0x1E00000)
+                     mask = 0xFE00000;
++                if (bp >= bufEnd) {
++                    snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                    return (NULL);
++                }
+                 *bp++ = (u_char) (((subid & mask) >> bits) | ASN_BIT8);
+             }
++            if (bp >= bufEnd) {
++                snmp_set_api_error(SNMPERR_ASN_ENCODE);
++                return (NULL);
++            }
+             *bp++ = (u_char) (subid & mask);
+         }
+     }
diff --git a/squid.spec b/squid.spec
index 61012da..f864790 100644
--- a/squid.spec
+++ b/squid.spec
@@ -1,6 +1,6 @@
 %define __perl_requires %{SOURCE98}
 
-%define anolis_release 3
+%define anolis_release 4
 
 Name:     squid
 Version:  6.11
@@ -32,6 +32,7 @@ Patch203: squid-6.1-perlpath.patch
 Patch204: squid-6.1-symlink-lang-err.patch
 # Upstream PR: https://github.com/squid-cache/squid/pull/1442
 Patch205: squid-6.1-crash-half-closed.patch
+Patch206: 206-bugfix-for-CVE-2025-59362.patch
 
 # cache_swap.sh
 Requires: bash gawk
@@ -299,6 +300,9 @@ fi
 
 
 %changelog
+* Wed Oct 15 2025 tomcruiseqi <tomcruiseqi@inspur.com> - 7:6.11-4
+- Fix CVE-2025-59362
+
 * Mon Nov 18 2024 tingyin duan <tingyin.duan@qq.com> - 7:6.11-3
 - up to verison 6.11
 
-- 
Gitee