CVE

2020-03-16 12:42:41 +08:00 · 2020-03-16 12:42:41 +08:00 · c4c0548efe
commit c4c0548efe
parent 35de0cb036
2 changed files with 36 additions and 2 deletions
--- a/CVE-2019-20372.patch
+++ b/CVE-2019-20372.patch
@ -0,0 +1,28 @@
+From c1be55f97211d38b69ac0c2027e6812ab8b1b94e Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 4ffb2cc8ad..76e6705889 100644
+--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
+@@ -606,6 +606,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+         return ngx_http_named_location(r, &uri);
+     }
+ 
+    r->expect_tested = 1;
+
+    if (ngx_http_discard_request_body(r) != NGX_OK) {
+        r->keepalive = 0;
+    }
+
+     location = ngx_list_push(&r->headers_out.headers);
+ 
+     if (location == NULL) {
--- a/nginx.spec
+++ b/nginx.spec
@ -14,7 +14,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.12.1
-Release:           16
+Release:           17
 Summary:           A HTTP server, reverse proxy and mail proxy server
 License:           BSD
 URL:               http://nginx.org/
@ -36,7 +36,7 @@ Source210:         UPGRADE-NOTES-1.6-to-1.10
 Patch0:            nginx-auto-cc-gcc.patch
 Patch1:            0001-unix-ngx_user-Apply-fix-for-really-old-bug-in-glibc-.patch
 Patch2:            nginx-1.12.1-logs-perm.patch
-
+Patch3:		   CVE-2019-20372.patch
 BuildRequires:     gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
 Requires:          nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
 Requires:          nginx-all-modules = %{epoch}:%{version}-%{release}        
@ -349,6 +349,12 @@ fi
 %{_mandir}/man8/nginx-upgrade.8*

 %changelog
+* Mon Mar 16 2020 openEuler Buildteam <buildteam@openeuler.org> - 1:1.12.1-17
+- Type:bugfix
+- ID:NA
+- SUG:restart
+- DESC: fix CVE-2019-20372
+
 * Sat Dec 28 2019 openEuler Buildteam <buildteam@openeuler.org> - 1:1.12.1-16
 - Type:bugfix
 - ID:NA