1 files changed, 46 insertions, 0 deletions
diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
new file mode 100644
index 0000000000..a708033775
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
@@ -0,0 +1,46 @@
+From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 25 May 2021 15:17:36 +0300
+Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
+Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
+Upstream-Status: Backport
+CVE: CVE-2021-23017
+Reference to upstream patch:
+https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ src/core/ngx_resolver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 79390701..63b26193 100644
+--- a/src/core/ngx_resolver.c
+++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+             n = *src++;
+ 
+         } else {
+            if (dst != name->data) {
+                *dst++ = '.';
+            }
+
+             ngx_strlow(dst, src, n);
+             dst += n;
+             src += n;
+ 
+             n = *src++;
+-
+-            if (n != 0) {
+-                *dst++ = '.';
+-            }
+         }
+ 
+         if (n == 0) {
+-- 
+2.17.1

diff --git a/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch new file mode 100644 index 0000000000..a708033775 --- /dev/null +++ b/meta-webserver/recipes-httpd/nginx/files/CVE-2021-23017.patch
@@ -0,0 +1,46 @@
	1	From 7199ebc203f74fd9e44595474de6bdc41740c5cf Mon Sep 17 00:00:00 2001
	2	From: Maxim Dounin <mdounin@mdounin.ru>
	3	Date: Tue, 25 May 2021 15:17:36 +0300
	4	Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
	5
	6	Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
	7
	8	Upstream-Status: Backport
	9	CVE: CVE-2021-23017
	10
	11	Reference to upstream patch:
	12	https://github.com/nginx/nginx/commit/7199ebc203f74fd9e44595474de6bdc41740c5cf
	13
	14	Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
	15	Signed-off-by: Changqing Li <changqing.li@windriver.com>
	16	---
	17	src/core/ngx_resolver.c \| 8 ++++----
	18	1 file changed, 4 insertions(+), 4 deletions(-)
	19
	20	diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
	21	index 79390701..63b26193 100644
	22	--- a/src/core/ngx_resolver.c
	23	+++ b/src/core/ngx_resolver.c
	24	@@ -4008,15 +4008,15 @@ done:
	25	n = *src++;
	26
	27	} else {
	28	+ if (dst != name->data) {
	29	+ *dst++ = '.';
	30	+ }
	31	+
	32	ngx_strlow(dst, src, n);
	33	dst += n;
	34	src += n;
	35
	36	n = *src++;
	37	-
	38	- if (n != 0) {
	39	- *dst++ = '.';
	40	- }
	41	}
	42
	43	if (n == 0) {
	44	--
	45	2.17.1
	46