applied the official patch for the nginx security vulnerability CVE-2013-2070.

This commit is contained in:
agentzh (Yichun Zhang)
2013-05-13 12:22:02 -07:00
parent 090060c907
commit 07fbdad118
4 changed files with 31 additions and 1 deletions

View File

@ -0,0 +1,13 @@
--- src/http/modules/ngx_http_proxy_module.c
+++ src/http/modules/ngx_http_proxy_module.c
@@ -1865,6 +1865,10 @@ data:
}
+ if (ctx->size < 0 || ctx->length < 0) {
+ goto invalid;
+ }
+
return rc;
done:

View File

@ -0,0 +1,13 @@
--- src/http/modules/ngx_http_proxy_module.c
+++ src/http/modules/ngx_http_proxy_module.c
@@ -1865,6 +1865,10 @@ data:
}
+ if (ctx->size < 0 || ctx->length < 0) {
+ goto invalid;
+ }
+
return rc;
done: