summaryrefslogtreecommitdiff
path: root/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch')
-rw-r--r--meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch39
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch
new file mode 100644
index 0000000000..45653e422e
--- /dev/null
+++ b/meta-openembedded/meta-webserver/recipes-httpd/nginx/files/CVE-2019-20372.patch
@@ -0,0 +1,39 @@
+From 6511195c023bf03e0fb19a36f41f42f4edde6e88 Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+
+Upstream-Status: Backport
+CVE: CVE-2019-20372
+
+Reference to upstream patch:
+https://github.com/nginx/nginx/commit/c1be55f97211d38b69ac0c2027e6812ab8b1b94e
+
+Signed-off-by: Ralph Siemsen <ralph.siemsen@linaro.org>
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 4ffb2cc8..76e67058 100644
+--- a/src/http/ngx_http_special_response.c
++++ b/src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
++ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
+--
+2.17.1
+
generated by cgit v1.2.3 (git 2.39.0) at 2024-06-12 06:48:01 +0300