* [Buildroot] [git commit] package/nginx: add upstream CVE-2021-23017 security fix
@ 2021-05-28 12:36 Yann E. MORIN
2021-06-09 21:18 ` Peter Korsgaard
0 siblings, 1 reply; 2+ messages in thread
From: Yann E. MORIN @ 2021-05-28 12:36 UTC (permalink / raw)
To: buildroot
commit: https://git.buildroot.net/buildroot/commit/?id=ab9ceea782c770acdb9a25d8601b12af261c8ccb
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
Fixes the following vulnerability:
- CVE-2021-23017: 1-byte memory overwrite in resolver
For more details, see the advisories:
https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
https://www.openwall.com/lists/oss-security/2021/05/25/5
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
[yann.morin.1998 at free.fr: annotate the patch, that it is a backport]
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
---
...xed-off-by-one-write-in-ngx_resolver_copy.patch | 40 ++++++++++++++++++++++
package/nginx/nginx.mk | 3 ++
2 files changed, 43 insertions(+)
diff --git a/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch b/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
new file mode 100644
index 0000000000..ba47768fe5
--- /dev/null
+++ b/package/nginx/0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
@@ -0,0 +1,40 @@
+From 9f1dcb0c0473641730b871dee984016ff19d2c53 Mon Sep 17 00:00:00 2001
+From: Maxim Dounin <mdounin@mdounin.ru>
+Date: Tue, 25 May 2021 15:17:36 +0300
+Subject: [PATCH] Resolver: fixed off-by-one write in ngx_resolver_copy().
+
+Reported by Luis Merino, Markus Vervier, Eric Sesterhenn, X41 D-Sec GmbH.
+
+[peter at korsgaard.com: backport from upstream]
+Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
+---
+ src/core/ngx_resolver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c
+index 79390701..63b26193 100644
+--- a/src/core/ngx_resolver.c
++++ b/src/core/ngx_resolver.c
+@@ -4008,15 +4008,15 @@ done:
+ n = *src++;
+
+ } else {
++ if (dst != name->data) {
++ *dst++ = '.';
++ }
++
+ ngx_strlow(dst, src, n);
+ dst += n;
+ src += n;
+
+ n = *src++;
+-
+- if (n != 0) {
+- *dst++ = '.';
+- }
+ }
+
+ if (n == 0) {
+--
+2.20.1
+
diff --git a/package/nginx/nginx.mk b/package/nginx/nginx.mk
index 8a371a2cc8..e93e802fd3 100644
--- a/package/nginx/nginx.mk
+++ b/package/nginx/nginx.mk
@@ -13,6 +13,9 @@ NGINX_DEPENDENCIES = \
host-pkgconf \
$(if $(BR2_PACKAGE_LIBXCRYPT),libxcrypt)
+# 0010-Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch
+NGINX_IGNORE_CVES += CVE-2021-23017
+
NGINX_CONF_OPTS = \
--crossbuild=Linux::$(BR2_ARCH) \
--with-cc="$(TARGET_CC)" \
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [git commit] package/nginx: add upstream CVE-2021-23017 security fix
2021-05-28 12:36 [Buildroot] [git commit] package/nginx: add upstream CVE-2021-23017 security fix Yann E. MORIN
@ 2021-06-09 21:18 ` Peter Korsgaard
0 siblings, 0 replies; 2+ messages in thread
From: Peter Korsgaard @ 2021-06-09 21:18 UTC (permalink / raw)
To: buildroot
>>>>> "Yann" == Yann E MORIN <yann.morin.1998@free.fr> writes:
> commit: https://git.buildroot.net/buildroot/commit/?id=ab9ceea782c770acdb9a25d8601b12af261c8ccb
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> Fixes the following vulnerability:
> - CVE-2021-23017: 1-byte memory overwrite in resolver
> For more details, see the advisories:
> https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
> https://www.openwall.com/lists/oss-security/2021/05/25/5
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> [yann.morin.1998 at free.fr: annotate the patch, that it is a backport]
> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
Committed, thanks.
--
Bye, Peter Korsgaard
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-06-09 21:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-28 12:36 [Buildroot] [git commit] package/nginx: add upstream CVE-2021-23017 security fix Yann E. MORIN
2021-06-09 21:18 ` Peter Korsgaard
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.