!39 fix CVE-2021-23017
From: @yangl777 Reviewed-by: @yaqiangchen Signed-off-by: @yaqiangchen
This commit is contained in:
openeuler-ci-bot
Gitee
commit
bd2ee6adc9
34
CVE-2021-23017.patch
Normal file
34
CVE-2021-23017.patch
Normal file
@ -0,0 +1,34 @@
|
|||||||
|
From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
|
||||||
|
From: Maxim Dounin <mdounin@mdounin.ru>
|
||||||
|
Date: Tue, 25 May 2021 15:17:36 +0300
|
||||||
|
Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
|
||||||
|
|
||||||
|
Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
|
||||||
|
---
|
||||||
|
src/core/ngx_resolver.c | 8 ++++----
|
||||||
|
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
|
||||||
|
index 7939070102..63b26193df 100644
|
||||||
|
--- a/src/core/ngx_resolver.c
|
||||||
|
+++ b/src/core/ngx_resolver.c
|
||||||
|
@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
|
||||||
|
n = *src++;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
+ if (dst != name->data) {
|
||||||
|
+ *dst++ = '.';
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ngx_strlow(dst, src, n);
|
||||||
|
dst += n;
|
||||||
|
src += n;
|
||||||
|
|
||||||
|
n = *src++;
|
||||||
|
-
|
||||||
|
- if (n != 0) {
|
||||||
|
- *dst++ = '.';
|
||||||
|
- }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (n == 0) {
|
||||||
@ -14,7 +14,7 @@
|
|||||||
Name: nginx
|
Name: nginx
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.16.1
|
Version: 1.16.1
|
||||||
Release: 10
|
Release: 11
|
||||||
Summary: A HTTP server, reverse proxy and mail proxy server
|
Summary: A HTTP server, reverse proxy and mail proxy server
|
||||||
License: BSD
|
License: BSD
|
||||||
URL: http://nginx.org/
|
URL: http://nginx.org/
|
||||||
@ -35,6 +35,7 @@ Patch0: nginx-auto-cc-gcc.patch
|
|||||||
Patch2: nginx-1.12.1-logs-perm.patch
|
Patch2: nginx-1.12.1-logs-perm.patch
|
||||||
Patch3: CVE-2019-20372.patch
|
Patch3: CVE-2019-20372.patch
|
||||||
Patch4: nginx-fix-pidfile.patch
|
Patch4: nginx-fix-pidfile.patch
|
||||||
|
Patch5: CVE-2021-23017.patch
|
||||||
|
|
||||||
BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
|
BuildRequires: gcc openssl-devel pcre-devel zlib-devel systemd gperftools-devel
|
||||||
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
|
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl pcre
|
||||||
@ -346,6 +347,9 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 15 2021 yanglu <yanglu72@huawei.com> - 1:1.16.1-11
|
||||||
|
- Fix CVE-2021-23017
|
||||||
|
|
||||||
* Fri May 14 2021 lingsheng <lingsheng@huawei.com> - 1:1.16.1-10
|
* Fri May 14 2021 lingsheng <lingsheng@huawei.com> - 1:1.16.1-10
|
||||||
- Fix file conflict in nginx upgrade
|
- Fix file conflict in nginx upgrade
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user