nginx: fix CVE-2021-23017

Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> (cherry picked from commit 82385049035a3a4a81b18af099d2131b46802965) Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Changqing Li <changqing.li@windriver.com> 2021-07-08 16:06:57 +0800
committer: Armin Kuster <akuster808@gmail.com> 2021-07-10 21:14:18 -0700
commit: d9c8c33db813a0f1615efeaa38ece92c839bd722 (patch)
tree: af80ce8cd24f2ac666203e45a8c894222d76089c
parent: 7bd47ef6c98323c95a9e527129dca98c9a65ee08 (diff)
download: meta-openembedded-d9c8c33db813a0f1615efeaa38ece92c839bd722.tar.gz
2 files changed, 47 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
new file mode 100644
index 000000000..a70803377
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
@@ -0,0 +1,46 @@
+From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 25 May 2021 15:17:36 +0300
+Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
+Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
+Upstream-Status: Backport
+CVE: CVE-2021-23017
+Reference to upstream patch:
+https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/core/ngx_resolver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 79390701..63b26193 100644
+--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+             n = *src++;
+ 
+         } else {
+            if (dst != name->data) {
+                *dst++ = '.';
+            }
+
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {
+-- 
+2.17.1
diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc
index de080a2b0..a4583ed8f 100644
--- a/meta-webserver/recipes-httpd/nginx/nginx.inc
+++ b/meta-webserver/recipes-httpd/nginx/nginx.inc
@@ -22,6 +22,7 @@ SRC_URI = " \
    file://nginx-volatile.conf \
    file://nginx.service \
    file://nginx-fix-pidfile.patch \
+    file://CVE-2021-23017.patch \
 "
 inherit siteinfo update-rc.d useradd systemd
author	Changqing Li <changqing.li@windriver.com>	2021-07-08 16:06:57 +0800
committer	Armin Kuster <akuster808@gmail.com>	2021-07-10 21:14:18 -0700
commit	d9c8c33db813a0f1615efeaa38ece92c839bd722 (patch)
tree	af80ce8cd24f2ac666203e45a8c894222d76089c
parent	7bd47ef6c98323c95a9e527129dca98c9a65ee08 (diff)
download	meta-openembedded-d9c8c33db813a0f1615efeaa38ece92c839bd722.tar.gz

diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch new file mode 100644 index 000000000..a70803377 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
@@ -0,0 +1,46 @@
		1	From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
		2	From: Maxim Dounin <mdounin@mdounin.ru>
		3	Date: Tue, 25 May 2021 15:17:36 +0300
		4	Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
		5
		6	Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
		7
		8	Upstream-Status: Backport
		9	CVE: CVE-2021-23017
		10
		11	Reference to upstream patch:
		12	https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf
		13
		14	Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
		15	Signed-off-by: Changqing Li <changqing.li@windriver.com>
		16	---
		17	src/core/ngx_resolver.c \| 8 ++++----
		18	1 file changed, 4 insertions(+), 4 deletions(-)
		19
		20	diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
		21	index 79390701..63b26193 100644
		22	--- a/src/core/ngx_resolver.c
		23	+++ b/src/core/ngx_resolver.c
		24	@@ -4008,15 +4008,15 @@ done:
		25	n = *src++;
		26
		27	} else {
		28	+ if (dst != name->data) {
		29	+ *dst++ = '.';
		30	+ }
		31	+
		32	ngx_strlow(dst, src, n);
		33	dst += n;
		34	src += n;
		35
		36	n = *src++;
		37	-
		38	- if (n != 0) {
		39	- *dst++ = '.';
		40	- }
		41	}
		42
		43	if (n == 0) {
		44	--
		45	2.17.1
		46


diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc index de080a2b0..a4583ed8f 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc
@@ -22,6 +22,7 @@ SRC_URI = " \
22	file://nginx-volatile.conf \	22	file://nginx-volatile.conf \
23	file://nginx.service \	23	file://nginx.service \
24	file://nginx-fix-pidfile.patch \	24	file://nginx-fix-pidfile.patch \
		25	file://CVE-2021-23017.patch \
25	"	26	"
26		27
27	inherit siteinfo update-rc.d useradd systemd	28	inherit siteinfo update-rc.d useradd systemd