backported the patch to the nginx core for the latest SPDY security vulnerability (CVE-2014-0133).
This commit is contained in:
parent
d21cc33749
commit
37ba2b1015
|
@ -0,0 +1,11 @@
|
|||
--- src/http/ngx_http_spdy.c
|
||||
+++ src/http/ngx_http_spdy.c
|
||||
@@ -1849,7 +1849,7 @@ static u_char *
|
||||
ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc,
|
||||
u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler)
|
||||
{
|
||||
-#if (NGX_DEBUG)
|
||||
+#if 1
|
||||
if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) {
|
||||
ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
|
||||
"spdy state buffer overflow: "
|
|
@ -32,6 +32,10 @@ cd nginx-$ver || exit 1
|
|||
|
||||
# patch the patch
|
||||
|
||||
echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"
|
||||
patch -p0 < $root/patches/patch.2014.spdy2.txt || exit 1
|
||||
echo
|
||||
|
||||
echo "$info_txt applying the upstream-pipelining patch for nginx"
|
||||
patch -p1 < $root/patches/nginx-$main_ver-upstream_pipelining.patch || exit 1
|
||||
echo
|
||||
|
|
Loading…
Reference in New Issue