packages/nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

backport upstreams to fix possible segfault

Browse Source 
(cherry picked from commit da88cc128b849b21f0abcc014ecf7c74825ec9c1)
This commit is contained in:
eaglegai 2025-04-02 02:38:53 +00:00 committed by openeuler-sync-bot
parent 6086ee2e61
commit c5b1032d23
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch Normal file
View File

@ -0,0 +1,34 @@
From 25c546ac37ba622b93c1a7075bd7eb447bac17b2 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Tue, 18 Apr 2023 06:28:46 +0300
Subject: [PATCH] Fixed segfault if regex studies list allocation fails.
The rcf->studies list is unconditionally accessed by ngx_regex_cleanup(),
and this used to cause NULL pointer dereference if allocation
failed. Fix is to set cleanup handler only when allocation succeeds.
---
src/core/ngx_regex.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
index bebf3b6a83e..91381f49942 100644
--- a/src/core/ngx_regex.c
+++ b/src/core/ngx_regex.c
@@ -732,14 +732,14 @@ ngx_regex_create_conf(ngx_cycle_t *cycle)
return NULL;
}
- cln->handler = ngx_regex_cleanup;
- cln->data = rcf;
-
rcf->studies = ngx_list_create(cycle->pool, 8, sizeof(ngx_regex_elt_t));
if (rcf->studies == NULL) {
return NULL;
}
+ cln->handler = ngx_regex_cleanup;
+ cln->data = rcf;
+
ngx_regex_studies = rcf->studies;
return rcf;

6
nginx.spec
View File

@ -17,7 +17,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.24.0 Version: 1.24.0
Release: 3 Release: 4
Summary: A HTTP server, reverse proxy and mail proxy server Summary: A HTTP server, reverse proxy and mail proxy server
License: BSD License: BSD
URL: http://nginx.org/ URL: http://nginx.org/
@ -43,6 +43,7 @@ Patch3: backport-CVE-2023-44487.patch
# https://nginx.org/download/patch.2024.mp4.txt # https://nginx.org/download/patch.2024.mp4.txt
Patch4: backport-CVE-2024-7347.patch Patch4: backport-CVE-2024-7347.patch
Patch5: backport-CVE-2025-23419.patch Patch5: backport-CVE-2025-23419.patch
Patch6: backport-Fixed-segfault-if-regex-studies-list-allocation-fails.patch
BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl
@ -390,6 +391,9 @@ fi
%{_mandir}/man8/nginx.8* %{_mandir}/man8/nginx.8*
%changelog %changelog
* Wed Apr 02 2025 gaihuiying <eaglegai@163.com> - 1:1.24.0-4
- backport upstreams to fix possible segfault
* Thu Feb 06 2025 gaihuiying <eaglegai@163.com> - 1:1.24.0-3 * Thu Feb 06 2025 gaihuiying <eaglegai@163.com> - 1:1.24.0-3
- fix CVE-2025-23419 - fix CVE-2025-23419