!38 fix CVE-2021-23017

From: @yangl777 Reviewed-by: @yaqiangchen Signed-off-by: @yaqiangchen
2021-06-16 01:45:40 +00:00 · 2021-06-16 01:45:40 +00:00 · 803f0920df
commit 803f0920df
parent c1b3edde71 dc25f7f2eb
2 changed files with 39 additions and 1 deletions
--- a/CVE-2021-23017.patch
+++ b/CVE-2021-23017.patch
@ -0,0 +1,34 @@
 From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
 From: Maxim Dounin <mdounin@mdounin.ru>
 Date: Tue, 25 May 2021 15:17:36 +0300
 Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
 Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
 ---
 src/core/ngx_resolver.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
 diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
 index 7939070102..63b26193df 100644
 --- a/src/core/ngx_resolver.c
 +++ b/src/core/ngx_resolver.c
@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
             n = *src++;
         } else {
 +            if (dst != name->data) {
 +                *dst++ = '.';
 +            }
 +
             ngx_strlow(dst, src, n);
             dst += n;
             src += n;
             n = *src++;
 -
 -            if (n != 0) {
 -                *dst++ = '.';
 -            }
         }
         if (n == 0) {
--- a/nginx.spec
+++ b/nginx.spec
@ -14,7 +14,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.18.0
-Release:           4
+Release:           5
 Summary:           A HTTP server, reverse proxy and mail proxy server
 License:           BSD
 URL:               http://nginx.org/
@ -34,6 +34,7 @@ Source210:         UPGRADE-NOTES-1.6-to-1.10
 Patch0:            nginx-auto-cc-gcc.patch
 Patch1:            nginx-1.12.1-logs-perm.patch
 Patch2:            nginx-fix-pidfile.patch
 Patch3:            CVE-2021-23017.patch
 BuildRequires:     gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
 Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}        
@ -345,6 +346,9 @@ fi
 %{_mandir}/man8/nginx.8*
 %changelog
 * Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.18.0-5
 - fix CVE-2021-23017
 * Sat Mar 20 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 1:1.18.0-4
 - Fix NGINX pidfile handling