packages/nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2021-23017

Browse Source
This commit is contained in:
linker99 2021-06-15 11:47:12 +08:00
parent c1b3edde71
commit dc25f7f2eb
2 changed files with 39 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
CVE-2021-23017.patch Normal file
View File

@ -0,0 +1,34 @@
From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Tue, 25 May 2021 15:17:36 +0300
Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
---
src/core/ngx_resolver.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 7939070102..63b26193df 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
n = *src++;
} else {
+ if (dst != name->data) {
+ *dst++ = '.';
+ }
+
ngx_strlow(dst, src, n);
dst += n;
src += n;
n = *src++;
-
- if (n != 0) {
- *dst++ = '.';
- }
}
if (n == 0) {

6
nginx.spec
View File

@ -14,7 +14,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.18.0 Version: 1.18.0
Release: 4 Release: 5
Summary: A HTTP server, reverse proxy and mail proxy server Summary: A HTTP server, reverse proxy and mail proxy server
License: BSD License: BSD
URL: http://nginx.org/ URL: http://nginx.org/
@ -34,6 +34,7 @@ Source210: UPGRADE-NOTES-1.6-to-1.10
Patch0: nginx-auto-cc-gcc.patch Patch0: nginx-auto-cc-gcc.patch
Patch1: nginx-1.12.1-logs-perm.patch Patch1: nginx-1.12.1-logs-perm.patch
Patch2: nginx-fix-pidfile.patch Patch2: nginx-fix-pidfile.patch
Patch3: CVE-2021-23017.patch
BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
Requires: nginx-all-modules = %{epoch}:%{version}-%{release} Requires: nginx-all-modules = %{epoch}:%{version}-%{release}
@ -345,6 +346,9 @@ fi
%{_mandir}/man8/nginx.8* %{_mandir}/man8/nginx.8*
%changelog %changelog
* Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.18.0-5
- fix CVE-2021-23017
* Sat Mar 20 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 1:1.18.0-4 * Sat Mar 20 2021 wangxiaopeng <wangxiaopeng7@huawei.com> - 1:1.18.0-4
- Fix NGINX pidfile handling - Fix NGINX pidfile handling