rpms / rh-nginx112-nginx

Clone
Source Code
GIT

Blame SOURCES/nginx-1.12.1-CVE-2019-9516.patch

c7
  1.   1ba31caf6b3718ffd3fa6f8db442854f408e51fb
  2.   SOURCES
  3.   nginx-1.12.1-CVE-2019-9516.patch
Blob History Raw
1ba31c 
diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c
1ba31c 
index 9e12243..5d6cadd 100644
1ba31c 
--- a/src/http/v2/ngx_http_v2.c
1ba31c 
+++ b/src/http/v2/ngx_http_v2.c
1ba31c 
@@ -1539,6 +1539,14 @@ ngx_http_v2_state_process_header(ngx_http_v2_connection_t *h2c, u_char *pos,
1ba31c 
         header->name.len = h2c->state.field_end - h2c->state.field_start;
1ba31c 
         header->name.data = h2c->state.field_start;
1ba31c
1ba31c 
+        if (header->name.len == 0) {
1ba31c 
+            ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
1ba31c 
+                          "client sent zero header name length");
1ba31c 
+
1ba31c 
+            return ngx_http_v2_connection_error(h2c,
1ba31c 
+                                                NGX_HTTP_V2_PROTOCOL_ERROR);
1ba31c 
+        }
1ba31c 
+
1ba31c 
         return ngx_http_v2_state_field_len(h2c, pos, end);
1ba31c 
     }
1ba31c
1ba31c 
@@ -2994,10 +3002,6 @@ ngx_http_v2_validate_header(ngx_http_request_t *r, ngx_http_v2_header_t *header)
1ba31c 
     ngx_uint_t                 i;
1ba31c 
     ngx_http_core_srv_conf_t  *cscf;
1ba31c
1ba31c 
-    if (header->name.len == 0) {
1ba31c 
-        return NGX_ERROR;
1ba31c 
-    }
1ba31c 
-
1ba31c 
     r->invalid_header = 0;
1ba31c
1ba31c 
     cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation