From 19c6e1fb5ced6196bc64211d6f438d21674bfc90 Mon Sep 17 00:00:00 2001
From: "Yichun Zhang (agentzh)" <agentzh@gmail.com>
Date: Tue, 11 Jul 2017 10:31:25 -0700
Subject: [PATCH] bugfix: applied nginx's official security fix for an issue in
 the range filter (CVE-2017-7529).

---
 patches/patch.2017.ranges.txt | 14 ++++++++++++++
 util/mirror-tarballs          |  7 +++++++
 2 files changed, 21 insertions(+)
 create mode 100644 patches/patch.2017.ranges.txt

diff --git a/patches/patch.2017.ranges.txt b/patches/patch.2017.ranges.txt
new file mode 100644
index 0000000..c8eb24f
--- /dev/null
+++ b/patches/patch.2017.ranges.txt
@@ -0,0 +1,14 @@
+diffsrc/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
+--- src/http/modules/ngx_http_range_filter_module.c
++++ src/http/modules/ngx_http_range_filter_module.c
+@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t 
+             range->start = start;
+             range->end = end;
+ 
++            if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
++                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
++            }
++
+             size += end - start;
+ 
+             if (ranges-- == 0) {
diff --git a/util/mirror-tarballs b/util/mirror-tarballs
index a7785e9..e952c7f 100755
--- a/util/mirror-tarballs
+++ b/util/mirror-tarballs
@@ -34,6 +34,13 @@ cd nginx-$ver || exit 1
 
 # patch the patch
 
+answer=`$root/util/ver-ge "$main_ver" 1.13.3`
+if [ "$answer" = "N" ]; then
+    echo "$info_txt applying the patch for nginx security advisory (CVE-2017-7529)"
+    patch -p0 < $root/patches/patch.2017.ranges.txt || exit 1
+    echo
+fi
+
 answer=`$root/util/ver-ge "$main_ver" 1.5.12`
 if [ "$answer" = "N" ]; then
     echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"