From 290b0672d4fdf1bac17b93f301afc427b8676e57 Mon Sep 17 00:00:00 2001
From: Igor Raits <igor.raits@gooddata.com>
Date: Dec 01 2021 18:07:38 +0000
Subject: Fix CVE-2021-23017


Signed-off-by: Igor Raits <igor.raits@gooddata.com>

---

diff --git a/SOURCES/nginx-1.14.1-CVE-2021-23017.patch b/SOURCES/nginx-1.14.1-CVE-2021-23017.patch
new file mode 100644
index 0000000..3d033f8
--- /dev/null
+++ b/SOURCES/nginx-1.14.1-CVE-2021-23017.patch
@@ -0,0 +1,34 @@
+From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 25 May 2021 15:17:36 +0300
+Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
+
+Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
+---
+ src/core/ngx_resolver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 7939070102..63b26193df 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ ngx_resolver_copy(ngx_resolver_t *r, ngx_str_t *name, u_char *buf, u_char *src,
+             n = *src++;
+ 
+         } else {
++            if (dst != name->data) {
++                *dst++ = '.';
++            }
++
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {
diff --git a/SPECS/nginx.spec b/SPECS/nginx.spec
index 3c4911c..265b67c 100644
--- a/SPECS/nginx.spec
+++ b/SPECS/nginx.spec
@@ -19,7 +19,7 @@
 Name:              nginx
 Epoch:             1
 Version:           1.14.1
-Release:           9%{?dist}
+Release:           10%{?dist}
 
 Summary:           A high performance web server and reverse proxy server
 Group:             System Environment/Daemons
@@ -70,6 +70,7 @@ Patch5:            nginx-1.14.1-enable-tls1v3-by-default.patch
 Patch200: nginx-1.14.1-CVE-2019-9511.patch
 Patch201: nginx-1.14.1-CVE-2019-9513.patch
 Patch202: nginx-1.14.1-CVE-2019-9516.patch
+Patch203: https://github.com/nginx/nginx/commit/9f1dcb0c0473641730b871dee984016ff19d2c53.patch#/nginx-1.14.1-CVE-2021-23017.patch
 
 %if 0%{?with_gperftools}
 BuildRequires:     gperftools-devel
@@ -214,6 +215,7 @@ Requires:          nginx
 %patch200 -p1
 %patch201 -p1
 %patch202 -p1
+%patch203 -p1
 
 cp %{SOURCE200} %{SOURCE210} %{SOURCE10} %{SOURCE12} .
 
@@ -485,6 +487,9 @@ fi
 
 
 %changelog
+* Wed Dec 01 2021 Igor Raits <igor.raits@gooddata.com> - 1:1.14.1-10
+- Fix CVE-2021-23017
+
 * Fri Aug 30 2019 Lubos Uhliarik <luhliari@redhat.com> - 1:1.14.1-9
 - Resolves: #1744811 - CVE-2019-9511 nginx:1.14/nginx: HTTP/2: large amount of
   data request leads to denial of service