mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-15 06:10:02 +00:00
Code Issues Projects Releases Wiki Activity

nginx: backport fix for CVE-2019-20372

Browse Source 
Fixed an HTTP request smuggling with certain error_page configurations
which could have allowed unauthorized web page reads.

This issue affects nginx prior to 1.17.7, so only the recipe for 1.16.1
needs the patch applied.

Fix is taken directly from
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e

Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Ralph Siemsen
2022-03-15 14:53:09 -04:00
committed by Armin Kuster
parent e6a4c8e5c5
commit 0940e1e382
2 changed files with 41 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch
+39
View File
@@ -0,0 +1,39 @@
From 6511195c023bf03e0fb19a36f41f42f4edde6e88 Mon Sep 17 00:00:00 2001
From: Ruslan Ermilov <ru@nginx.com>
Date: Mon, 23 Dec 2019 15:45:46 +0300
Subject: [PATCH] Discard request body when redirecting to a URL via
error_page.
Reported by Bert JW Regeer and Francisco Oca Gonzalez.
Upstream-Status: Backport
CVE: CVE-2019-20372
Reference to upstream patch:
https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
---
src/http/ngx_http_special_response.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
index 4ffb2cc8..76e67058 100644
--- a/src/http/ngx_http_special_response.c
+++ b/src/http/ngx_http_special_response.c
@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
return ngx_http_named_location(r, &uri);
}
+ r->expect_tested = 1;
+
+ if (ngx_http_discard_request_body(r) != NGX_OK) {
+ r->keepalive = 0;
+ }
+
location = ngx_list_push(&r->headers_out.headers);
if (location == NULL) {
--
2.17.1
meta-webserver/recipes-httpd/nginx/nginx_1.16.1.bb
+2
View File
@@ -4,3 +4,5 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=52e384aaac868b755b93ad5535e2d075"
SRC_URI[md5sum] = "45a80f75336c980d240987badc3dcf60"
SRC_URI[sha256sum] = "f11c2a6dd1d3515736f0324857957db2de98be862461b5a542a3ac6188dbe32b"
SRC_URI += "file://CVE-2019-20372.patch"