https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-4450
http://nginx.org/download/patch.2016.write2.txt
diff -uap nginx-1.8.1/src/os/unix/ngx_files.c.cve4450 nginx-1.8.1/src/os/unix/ngx_files.c
--- nginx-1.8.1/src/os/unix/ngx_files.c.cve4450
+++ nginx-1.8.1/src/os/unix/ngx_files.c
@@ -292,6 +292,12 @@ ngx_write_chain_to_file(ngx_file_t *file
/* create the iovec and coalesce the neighbouring bufs */
while (cl && vec.nelts < IOV_MAX) {
+
+ if (ngx_buf_special(cl->buf)) {
+ cl = cl->next;
+ continue;
+ }
+
if (prev == cl->buf->pos) {
iov->iov_len += cl->buf->last - cl->buf->pos;