backported the patch to the nginx core for the latest SPDY security vulnerability (CVE-2014-0133).

2024-10-13 00:29:41 +00:00 · 2014-03-19 17:37:47 -07:00
parent d21cc33749
commit 37ba2b1015
3 changed files with 16 additions and 1 deletions
--- a/patches/patch.2014.spdy2.txt
+++ b/patches/patch.2014.spdy2.txt
@ -0,0 +1,11 @@
+--- src/http/ngx_http_spdy.c
+++ src/http/ngx_http_spdy.c
+@@ -1849,7 +1849,7 @@ static u_char *
+ ngx_http_spdy_state_save(ngx_http_spdy_connection_t *sc,
+     u_char *pos, u_char *end, ngx_http_spdy_handler_pt handler)
+ {
+-#if (NGX_DEBUG)
+#if 1
+     if (end - pos > NGX_SPDY_STATE_BUFFER_SIZE) {
+         ngx_log_error(NGX_LOG_ALERT, sc->connection->log, 0,
+                       "spdy state buffer overflow: "