author | nginx <nginx@nginx.org> | 2013-05-07 11:28:58 +0000 |
---|---|---|
committer | Jon Kolb <jon@b0g.us> | 2013-05-07 11:28:58 +0000 |
commit | 6a8e32347b151ac766bf8c33d6df770e0040e602 (patch) | |
tree | cd8efcf0780d384335f12311da2fd65f333c8a77 | |
parent | 740eba7e73bf85fd7e93e2d908f64f649d1819ab (diff) | |
download | nginx-6a8e32347b151ac766bf8c33d6df770e0040e602.tar.gz |
Changes with nginx 1.5.0 07 May 2013v1.5.0
*) Security: a stack-based buffer overflow might occur in a worker
process while handling a specially crafted request, potentially
resulting in arbitrary code execution (CVE-2013-2028); the bug had
appeared in 1.3.9.
Thanks to Greg MacManus, iSIGHT Partners Labs.
-rw-r--r-- | CHANGES | 9 | ||||
-rw-r--r-- | CHANGES.ru | 9 | ||||
-rw-r--r-- | auto/cc/clang | 4 | ||||
-rw-r--r-- | auto/cc/name | 2 | ||||
-rw-r--r-- | src/core/nginx.h | 4 | ||||
-rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 2 | ||||
-rw-r--r-- | src/http/ngx_http_parse.c | 4 |
7 files changed, 28 insertions, 6 deletions
@@ -1,4 +1,13 @@ +Changes with nginx 1.5.0 07 May 2013 + + *) Security: a stack-based buffer overflow might occur in a worker + process while handling a specially crafted request, potentially + resulting in arbitrary code execution (CVE-2013-2028); the bug had + appeared in 1.3.9. + Thanks to Greg MacManus, iSIGHT Partners Labs. + + Changes with nginx 1.4.0 24 Apr 2013 *) Bugfix: nginx could not be built with the ngx_http_perl_module if the diff --git a/CHANGES.ru b/CHANGES.ru index cb961d08b..1087b3a4f 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,4 +1,13 @@ +Изменения в nginx 1.5.0 07.05.2013 + + *) Безопасность: при обработке специально созданного запроса мог + перезаписываться стек рабочего процесса, что могло приводить к + выполнению произвольного кода (CVE-2013-2028); ошибка появилась в + 1.3.9. + Спасибо Greg MacManus, iSIGHT Partners Labs. + + Изменения в nginx 1.4.0 24.04.2013 *) Исправление: nginx не собирался с модулем ngx_http_perl_module, если diff --git a/auto/cc/clang b/auto/cc/clang index 9f60d7b3a..2611caa65 100644 --- a/auto/cc/clang +++ b/auto/cc/clang @@ -5,8 +5,8 @@ # clang -NGX_CLANG_VER=`$CC -v 2>&1 | grep 'clang version' 2>&1 \ - | sed -e 's/^.*clang version \(.*\)/\1/'` +NGX_CLANG_VER=`$CC -v 2>&1 | grep '\(clang\|LLVM\) version' 2>&1 \ + | sed -e 's/^.* version \(.*\)/\1/'` echo " + clang version: $NGX_CLANG_VER" diff --git a/auto/cc/name b/auto/cc/name index 7a5656c64..51a7ed92e 100644 --- a/auto/cc/name +++ b/auto/cc/name @@ -67,7 +67,7 @@ elif `$CC -v 2>&1 | grep 'gcc version' >/dev/null 2>&1`; then NGX_CC_NAME=gcc echo " + using GNU C compiler" -elif `$CC -v 2>&1 | grep 'clang version' >/dev/null 2>&1`; then +elif `$CC -v 2>&1 | grep '\(clang\|LLVM\) version' >/dev/null 2>&1`; then NGX_CC_NAME=clang echo " + using Clang C compiler" diff --git a/src/core/nginx.h b/src/core/nginx.h index fec8b6680..be20460eb 100644 --- a/src/core/nginx.h +++ b/src/core/nginx.h 
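Review bot: The new pattern `'\(clang\|LLVM\) version'` in auto/cc/clang relies on `\|` alternation, which is a GNU extension to basic regular expressions and not part of POSIX BRE; the auto/cc/name hunk uses the same pattern in its `elif` test. On a grep without that extension the banner would presumably not match and the compiler would not be recognised as clang, so the build would proceed with whatever flags the fallback branch selects. `grep -E '(clang|LLVM) version'` expresses the same match portably. The sed expression is now anchored only on ` version `, so a short comment showing an example of each banner form it is meant to handle would document what the looser match depends on.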
@@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1004000 -#define NGINX_VERSION "1.4.0" +#define nginx_version 1005000 +#define NGINX_VERSION "1.5.0" #define NGINX_VER "nginx/" NGINX_VERSION #define NGINX_VAR "NGINX" diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index eadc8c480..892ee27cb 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -2076,7 +2076,7 @@ ngx_http_proxy_internal_body_length_variable(ngx_http_request_t *r, v->no_cacheable = 0; v->not_found = 0; - v->data = ngx_pnalloc(r->connection->pool, NGX_OFF_T_LEN); + v->data = ngx_pnalloc(r->pool, NGX_OFF_T_LEN); if (v->data == NULL) { return NGX_ERROR; diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c index 34b3b85d0..3c168aaf2 100644 --- a/src/http/ngx_http_parse.c +++ b/src/http/ngx_http_parse.c @@ -2209,6 +2209,10 @@ data: } + if (ctx->size < 0 || ctx->length < 0) { + goto invalid; + } + return rc; done: |
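Review bot: The switch from `r->connection->pool` to `r->pool` for `v->data` changes the lifetime of the buffer, but neither the commit description, the CHANGES entry nor a code comment explains it, and it rides along in a commit whose stated purpose is the CVE-2013-2028 fix. Presumably the intent is that a per-request variable value is released with the request instead of accumulating in the connection pool across keep-alive requests. A one-line comment above the call, such as `/* per-request value: allocate from r->pool so it is freed with the request */`, would record that. The function body continues outside the hunk, so whether the write that follows stays within `NGX_OFF_T_LEN` bytes cannot be confirmed from here.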
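Review bot: The added `ctx->size < 0 || ctx->length < 0` test before `return rc;` detects an overflowed chunk size only after the arithmetic has been done, so it depends on signed wraparound leaving a negative value. Signed overflow is undefined behaviour in C, and a value that wraps more than once can end up positive again, so the sign test alone is not a complete bound. The digit accumulation is outside this hunk; assuming it multiplies `ctx->size` by 16 per hex digit, a guard such as `if (ctx->size > NGX_MAX_OFF_T_VALUE / 16) { goto invalid; }` before each multiply would reject oversized values before they can overflow. Consumers that narrow these fields to `size_t` for a fixed-size buffer should also clamp against the buffer size as defence in depth.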