rpms / rh-nginx110-nginx

Clone
Source Code
GIT

Blame SOURCES/nginx-1.10.2-CVE-2017-7529.patch

c7
  1.   ae9c3d0808232c779475b9646571d77b0b4072e8
  2.   SOURCES
  3.   nginx-1.10.2-CVE-2017-7529.patch
Blob History Raw
ae9c3d 
diffsrc/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
ae9c3d 
--- src/http/modules/ngx_http_range_filter_module.c
ae9c3d 
+++ src/http/modules/ngx_http_range_filter_module.c
ae9c3d 
@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t
ae9c3d 
             range->start = start;
ae9c3d 
             range->end = end;
ae9c3d
ae9c3d 
+            if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
ae9c3d 
+                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
ae9c3d 
+            }
ae9c3d 
+
ae9c3d 
             size += end - start;
ae9c3d
ae9c3d 
             if (ranges-- == 0) {

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation