FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

squid -- confusing results on empty acl declarations

Affected packages
squid < 2.5.7_5


VuXML ID a30e5e44-5440-11d9-9e1e-c296ac722cb3
Discovery 2004-12-21
Entry 2004-12-23
Modified 2005-02-08

Applying an empty ACL list results in unexpected behavior: anything will match an empty ACL list. For example,

The meaning of the configuration gets very confusing when we encounter empty ACLs such as

acl something src "/path/to/empty_file.txt"
http_access allow something somewhere

gets parsed (with warnings) as

http_access allow somwhere

And similarily if you are using proxy_auth acls without having any auth schemes defined.


CVE Name CVE-2005-0194