PR#1: Fix CVE-2021-23017 - rpms/nginx

Igor Raits • 2 years ago

290b06

file added

+34

		`@@ -0,0 +1,34 @@`
		`+ From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001`
		`+ From: Maxim Dounin <mdounin@mdounin.ru>`
		`+ Date: Tue, 25 May 2021 15:17:36 +0300`
		`+ Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().`
		`+`
		`+ Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.`
		`+ ---`
		`+ src/core/ngx_resolver.c \| 8 ++++----`
		`+ 1 file changed, 4 insertions(+), 4 deletions(-)`
		`+`
		`+ diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c`
		`+ index 7939070102..63b26193df 100644`
		`+ --- a/src/core/ngx_resolver.c`
		`+ +++ b/src/core/ngx_resolver.c`
		`+ @@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t r, ngx_str_t name, u_char buf, u_char src,`
		`+ n = *src++;`
		`+`
		`+ } else {`
		`+ + if (dst != name->data) {`
		`+ + *dst++ = '.';`
		`+ + }`
		`+ +`
		`+ ngx_strlow(dst, src, n);`
		`+ dst += n;`
		`+ src += n;`
		`+`
		`+ n = *src++;`
		`+ -`
		`+ - if (n != 0) {`
		`+ - *dst++ = '.';`
		`+ - }`
		`+ }`
		`+`
		`+ if (n == 0) {`

SPECS/nginx.spec

file modified

+6 -1

		`@@ -19,7 +19,7 @@`
		`Name: nginx`
		`Epoch: 1`
		`Version: 1.14.1`
		`- Release: 9%{?dist}`
		`+ Release: 10%{?dist}`

		`Summary: A high performance web server and reverse proxy server`
		`Group: System Environment/Daemons`
		`@@ -70,6 +70,7 @@`
		`Patch200: nginx-1.14.1-CVE-2019-9511.patch`
		`Patch201: nginx-1.14.1-CVE-2019-9513.patch`
		`Patch202: nginx-1.14.1-CVE-2019-9516.patch`
		`+ Patch203: https://github.com/nginx/nginx/commit/9f1dcb0c0473641730b871dee984016ff19d2c53.patch#/nginx-1.14.1-CVE-2021-23017.patch`

		`%if 0%{?with_gperftools}`
		`BuildRequires: gperftools-devel`
		`@@ -214,6 +215,7 @@`
		`%patch200 -p1`
		`%patch201 -p1`
		`%patch202 -p1`
		`+ %patch203 -p1`

		`cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .`

		`@@ -485,6 +487,9 @@`


		`%changelog`
		`+ * Wed Dec 01 2021 Igor Raits <igor.raits@gooddata.com> - 1:1.14.1-10`
		`+ - Fix CVE-2021-23017`
		`+`
		`* Fri Aug 30 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-9`
		`- Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of`
		`data request leads to denial of service`