186526/openresty
1
0
Fork 0
mirror of https://github.com/openresty/openresty.git synced 2024-10-13 00:29:41 +00:00
Code Issues Projects Releases Wiki Activity

bugfix: applied nginx's official security fix for an issue in the range filter (CVE-2017-7529).

Browse Source
This commit is contained in:
Yichun Zhang (agentzh)
2017-07-11 10:31:25 -07:00
parent 391709ce4d
commit 58f39e963f
3 changed files with 22 additions and 1 deletions

14
patches/patch.2017.ranges.txt Normal file

@ -0,0 +1,14 @@
diffsrc/http/modules/ngx_http_range_filter_module.c b/src/http/modules/ngx_http_range_filter_module.c
--- src/http/modules/ngx_http_range_filter_module.c
+++ src/http/modules/ngx_http_range_filter_module.c
@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t
range->start = start;
range->end = end;
+ if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
+ return NGX_HTTP_RANGE_NOT_SATISFIABLE;
+ }
+
size += end - start;
if (ranges-- == 0) {

7
util/mirror-tarballs

@ -34,6 +34,13 @@ cd nginx-$ver || exit 1
# patch the patch # patch the patch
answer=`$root/util/ver-ge "$main_ver" 1.13.3`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2017-7529)"
patch -p0 < $root/patches/patch.2017.ranges.txt || exit 1
echo
fi
answer=`$root/util/ver-ge "$main_ver" 1.5.12` answer=`$root/util/ver-ge "$main_ver" 1.5.12`
if [ "$answer" = "N" ]; then if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)" echo "$info_txt applying the patch for nginx security advisory (CVE-2014-0133)"

2
util/ver

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
main_ver=1.11.2 main_ver=1.11.2
minor_ver=3 minor_ver=4
version=$main_ver.$minor_ver version=$main_ver.$minor_ver
echo $version echo $version