186526/openresty
1
0
Fork 0
mirror of https://github.com/openresty/openresty.git synced 2024-10-13 00:29:41 +00:00
Code Issues Projects Releases Wiki Activity

bugfix: ngx_http_static_module: the 'Locatoin' response header value was not properly encoded by URI rules.

Browse Source 
This may impose security vulnerabilities for Location values from
untrusted sources.

The corresponding tests are in the lua-nginx-module repo.
This commit is contained in:
lijunlong
2020-06-24 12:58:36 +08:00
committed by Yichun Zhang (agentzh)
parent 4568281eaf
commit 6985198d46
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
util/mirror-tarballs
View File

@ -443,6 +443,13 @@ fi
rm -f *.patch || exit 1
answer=`$root/util/ver-ge "$main_ver" 1.17.8`
if [ "$answer" = "Y" ]; then
echo "$info_txt applying the patch for nginx security issue https://hackerone.com/reports/513236"
patch -p1 < $root/patches/nginx-$main_ver-static_mod_escape_loc_hdr.patch
echo
fi
echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"
patch -p1 < $root/patches/nginx-$main_ver-always_enable_cc_feature_tests.patch
echo