aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChangqing Li <changqing.li@windriver.com>2021-07-08 16:06:57 +0800
committerArmin Kuster <akuster808@gmail.com>2021-07-10 11:20:01 -0700
commit82385049035a3a4a81b18af099d2131b46802965 (patch)
tree020292c0b702a662f297a5256fd15cf528452f62
parentc51e79dd854460c6f6949a187970d05362152e84 (diff)
downloadmeta-openembedded-82385049035a3a4a81b18af099d2131b46802965.tar.gz
meta-openembedded-82385049035a3a4a81b18af099d2131b46802965.tar.bz2
meta-openembedded-82385049035a3a4a81b18af099d2131b46802965.zip
nginx: fix CVE-2021-23017
Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r--meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch46
-rw-r--r--meta-webserver/recipes-httpd/nginx/nginx.inc1
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
new file mode 100644
index 000000000..a70803377
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
@@ -0,0 +1,46 @@
+From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 25 May 2021 15:17:36 +0300
+Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
+
+Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
+
+Upstream-Status: Backport
+CVE: CVE-2021-23017
+
+Reference to upstream patch:
+https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/core/ngx_resolver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 79390701..63b26193 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
+--
+2.17.1
+
diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc
index de080a2b0..a4583ed8f 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx.inc
+++ b/meta-webserver/recipes-httpd/nginx/nginx.inc
@@ -22,6 +22,7 @@ SRC_URI = " \
file://nginx-volatile.conf \
file://nginx.service \
file://nginx-fix-pidfile.patch \
+ file://CVE-2021-23017.patch \
"
inherit siteinfo update-rc.d useradd systemd