NetCube-Systems-Austria/kumquat-buildroot
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
a4c619c1ff
kumquat-buildroot/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
Peter Korsgaard ab9ceea782 package/nginx: add upstream CVE-2021-23017 security fix 
Fixes the following vulnerability:

- CVE-2021-23017: 1-byte memory overwrite in resolver

For more details, see the advisories:
https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://www.openwall.com/lists/oss-security/2021/05/25/5

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998@free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
2021-05-28 14:36:39 +02:00

41 lines
1.0 KiB
Diff
Raw Blame History

From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001
From: Maxim Dounin <mdounin@mdounin.ru>
Date: Tue, 25 May 2021 15:17:36 +0300
Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
[peter@korsgaard.com: backport from upstream]
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
src/core/ngx_resolver.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
index 79390701..63b26193 100644
--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
@@ -4008,15 +4008,15 @@ done:
n = *src++;
} else {
+ if (dst != name->data) {
+ *dst++ = '.';
+ }
+
ngx_strlow(dst, src, n);
dst += n;
src += n;
n = *src++;
-
- if (n != 0) {
- *dst++ = '.';
- }
}
if (n == 0) {
--
2.20.1
Reference in New Issue View Git Blame Copy Permalink