authorNatanael Copa <ncopa@alpinelinux.org>2012-05-03 06:42:01 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2012-05-03 06:44:57 +0000
commit6de4e4da7319dd03ea63802ac9ee9be17da17c21 (patch)
tree0891c02c038e2a732929ce35418f51ecbfec36cb /main/nginx
parent6efa33e8289cde944d8f52b72249dc9c0310c6a6 (diff)
main/nginx: upgrade to 0.8.55 and fix CVE-2012-1180
fixes #1057
Diffstat (limited to 'main/nginx')
-rw-r--r--main/nginx/APKBUILD11
-rw-r--r--main/nginx/patch.2012.memory.txt113
2 files changed, 120 insertions, 4 deletions
diff --git a/main/nginx/APKBUILD b/main/nginx/APKBUILD
index c188a76e26..78a215c373 100644
--- a/main/nginx/APKBUILD
+++ b/main/nginx/APKBUILD
@@ -1,8 +1,8 @@
# Contributor: Cameron Banta <cbanta@gmail.com>
# Maintainer: Cameron Banta <cbanta@gmail.com>
pkgname=nginx
-pkgver=0.8.54
-pkgrel=1
+pkgver=0.8.55
+pkgrel=0
pkgdesc="nginx [engine x] is a HTTP and reverse proxy server"
url="http://www.nginx.org"
arch="all"
@@ -16,6 +16,7 @@ source="http://nginx.org/download/$pkgname-$pkgver.tar.gz
nginx.initd
nginx.logrotate
$install
+ patch.2012.memory.txt
"
@@ -24,6 +25,7 @@ _builddir="$srcdir"/$pkgname-$pkgver
prepare() {
cd "$_builddir"
# apply patches here
+ patch -p0 -i "$srcdir"/patch.2012.memory.txt || return 1
}
build() {
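Review bot: The added `patch -p0 -i "$srcdir"/patch.2012.memory.txt || return 1` line in prepare() applies the CVE-2012-1180 fix with patch's default tolerance, so a hunk that only matches with fuzz or at a line offset still counts as success. The first two `ngx_http_parse_header_line` hunks in the patch file have identical context lines, so a shifted hunk could guard the wrong parser state without failing the build. If the patch implementation in the build environment supports it, disable fuzz, e.g. `patch -p0 -F0 -i "$srcdir"/patch.2012.memory.txt || return 1`, and check the build log for offset messages whenever pkgver changes. build() continues outside the hunk.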
@@ -55,6 +57,7 @@ package() {
install -m644 -D LICENSE "$pkgdir"/usr/share/licenses/$pkgname/LICENSE
}
-md5sums="44df4eb6a22d725021288c570789046f nginx-0.8.54.tar.gz
+md5sums="10ea2cd34f894631bf4b306b7139195b nginx-0.8.55.tar.gz
b06f6e23753385be0076539ba1806cb6 nginx.initd
-8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate"
+8823274a834332d3db4f62bf7dd1fb7d nginx.logrotate
+2c873883b0c6793ea0af79c2bdab7940 patch.2012.memory.txt"
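Review bot: MD5 is the only integrity check in this `md5sums=` block, both for the new nginx-0.8.55 tarball and for the security patch, and the `source=` line visible in the earlier hunk header fetches the tarball over plain `http://`. MD5 is not collision-resistant, so it catches corruption but is weak evidence that the bytes are the ones upstream published. If the abuild version in use accepts a stronger checksum array, add one alongside, e.g. `sha512sums="<sha512-of-tarball>  nginx-0.8.55.tar.gz"` (placeholder value). Before recording any checksum, verify the tarball against whatever signature or checksum upstream publishes.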
diff --git a/main/nginx/patch.2012.memory.txt b/main/nginx/patch.2012.memory.txt
new file mode 100644
index 0000000000..940d1cef47
--- /dev/null
+++ b/main/nginx/patch.2012.memory.txt
@@ -0,0 +1,113 @@
+--- src/http/modules/ngx_http_fastcgi_module.c
++++ src/http/modules/ngx_http_fastcgi_module.c
+@@ -1501,10 +1501,10 @@ ngx_http_fastcgi_process_header(ngx_http
+ h->lowcase_key = h->key.data + h->key.len + 1
+ + h->value.len + 1;
+
+- ngx_cpystrn(h->key.data, r->header_name_start,
+- h->key.len + 1);
+- ngx_cpystrn(h->value.data, r->header_start,
+- h->value.len + 1);
++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
++ h->key.data[h->key.len] = '\0';
++ ngx_memcpy(h->value.data, r->header_start, h->value.len);
++ h->value.data[h->value.len] = '\0';
+ }
+
+ h->hash = r->header_hash;
+--- src/http/modules/ngx_http_proxy_module.c
++++ src/http/modules/ngx_http_proxy_module.c
+@@ -1381,8 +1381,10 @@ ngx_http_proxy_process_header(ngx_http_r
+ h->value.data = h->key.data + h->key.len + 1;
+ h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
+
+- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
+- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
++ h->key.data[h->key.len] = '\0';
++ ngx_memcpy(h->value.data, r->header_start, h->value.len);
++ h->value.data[h->value.len] = '\0';
+
+ if (h->key.len == r->lowcase_index) {
+ ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
+--- src/http/modules/ngx_http_scgi_module.c
++++ src/http/modules/ngx_http_scgi_module.c
+@@ -941,8 +941,10 @@ ngx_http_scgi_process_header(ngx_http_re
+ h->value.data = h->key.data + h->key.len + 1;
+ h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
+
+- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
+- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
++ h->key.data[h->key.len] = '\0';
++ ngx_memcpy(h->value.data, r->header_start, h->value.len);
++ h->value.data[h->value.len] = '\0';
+
+ if (h->key.len == r->lowcase_index) {
+ ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
+--- src/http/modules/ngx_http_uwsgi_module.c
++++ src/http/modules/ngx_http_uwsgi_module.c
+@@ -985,8 +985,10 @@ ngx_http_uwsgi_process_header(ngx_http_r
+ h->value.data = h->key.data + h->key.len + 1;
+ h->lowcase_key = h->key.data + h->key.len + 1 + h->value.len + 1;
+
+- ngx_cpystrn(h->key.data, r->header_name_start, h->key.len + 1);
+- ngx_cpystrn(h->value.data, r->header_start, h->value.len + 1);
++ ngx_memcpy(h->key.data, r->header_name_start, h->key.len);
++ h->key.data[h->key.len] = '\0';
++ ngx_memcpy(h->value.data, r->header_start, h->value.len);
++ h->value.data[h->value.len] = '\0';
+
+ if (h->key.len == r->lowcase_index) {
+ ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
+--- src/http/ngx_http_parse.c
++++ src/http/ngx_http_parse.c
+@@ -874,6 +874,10 @@ ngx_http_parse_header_line(ngx_http_requ
+ break;
+ }
+
++ if (ch == '\0') {
++ return NGX_HTTP_PARSE_INVALID_HEADER;
++ }
++
+ r->invalid_header = 1;
+
+ break;
+@@ -936,6 +940,10 @@ ngx_http_parse_header_line(ngx_http_requ
+ break;
+ }
+
++ if (ch == '\0') {
++ return NGX_HTTP_PARSE_INVALID_HEADER;
++ }
++
+ r->invalid_header = 1;
+
+ break;
+@@ -954,6 +962,8 @@ ngx_http_parse_header_line(ngx_http_requ
+ r->header_start = p;
+ r->header_end = p;
+ goto done;
++ case '\0':
++ return NGX_HTTP_PARSE_INVALID_HEADER;
+ default:
+ r->header_start = p;
+ state = sw_value;
+@@ -975,6 +985,8 @@ ngx_http_parse_header_line(ngx_http_requ
+ case LF:
+ r->header_end = p;
+ goto done;
++ case '\0':
++ return NGX_HTTP_PARSE_INVALID_HEADER;
+ }
+ break;
+
+@@ -988,6 +1000,8 @@ ngx_http_parse_header_line(ngx_http_requ
+ break;
+ case LF:
+ goto done;
++ case '\0':
++ return NGX_HTTP_PARSE_INVALID_HEADER;
+ default:
+ state = sw_value;
+ break;
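Review bot: patch.2012.memory.txt starts directly at `--- src/http/modules/ngx_http_fastcgi_module.c` with no header, so the file itself does not record which advisory it addresses or where it was obtained. Only the commit title ties it to CVE-2012-1180, and that link is lost once the file is read on its own or carried into a later pkgver. patch skips leading text before the first file header, so a short preamble can be added, e.g. `CVE-2012-1180: copy upstream header name/value by length; reject NUL in ngx_http_parse_header_line` followed by `Origin: <upstream patch URL>` (placeholder). The preamble should also say that the four `*_process_header` hunks and the five parser hunks belong together: the `ngx_memcpy` lines copy exactly `key.len`/`value.len` bytes, and the `'\0'` checks reject a header containing an embedded NUL.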