aboutsummaryrefslogtreecommitdiffstats
path: root/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch
blob: 45653e422eaf1e434a05e9960d0f55fa18328af3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
From 6511195c023bf03e0fb19a36f41f42f4edde6e88 Mon Sep 17 00:00:00 2001
From: Ruslan Ermilov <ru@nginx.com>
Date: Mon, 23 Dec 2019 15:45:46 +0300
Subject: [PATCH] Discard request body when redirecting to a URL via
 error_page.

Reported by Bert JW Regeer and Francisco Oca Gonzalez.

Upstream-Status: Backport
CVE: CVE-2019-20372

Reference to upstream patch:
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
 src/http/ngx_http_special_response.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 4ffb2cc8..76e67058 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
         return ngx_http_named_location(r, &uri);
     }
 
+    r->expect_tested = 1;
+
+    if (ngx_http_discard_request_body(r) != NGX_OK) {
+        r->keepalive = 0;
+    }
+
     location = ngx_list_push(&r->headers_out.headers);
 
     if (location == NULL) {
-- 
2.17.1