svn commit: r525647 - in head/www/nginx: . files
Jochen Neumeister
joneum at FreeBSD.org
Sun Feb 9 11:16:41 UTC 2020
Author: joneum
Date: Sun Feb 9 11:16:40 2020
New Revision: 525647
URL: https://svnweb.freebsd.org/changeset/ports/525647
Log:
Add patch for CVE-2019-20372
NGINX before 1.17.7, with certain error_page configurations,
allows HTTP request smuggling, as demonstrated by the ability
of an attacker to read unauthorized web pages in environments
where NGINX is being fronted by a load balancer.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372
PR: 243952
Reported by: koobs and many more
MFH: 2020Q1
Security: c1202de8-4b29-11ea-9673-4c72b94353b5
Sponsored by: Netzkommune GmbH
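The smuggling mechanism the log describes, as an added illustration that is not part of the commit or of nginx itself: a toy HTTP/1.1 keep-alive backend that, like unpatched nginx, answers an error_page redirect before reading the request body. The leftover body bytes then sit in the connection buffer and are parsed as the next request, which is how a load balancer ends up pairing a response for `/secret` with some other client's request. The `/old` -> `/new` rule, the `/secret` path and the byte stream are all constructed for this example.

```python
"""Simulated keep-alive backend showing the body desync fixed by CVE-2019-20372.
Added example: a simplified model, not nginx code."""

# Constructed sample stream as a load balancer would forward it: a single POST
# whose body is itself a complete HTTP request (the smuggled request).
SMUGGLED_BODY = b"GET /secret HTTP/1.1\r\nHost: app\r\n\r\n"
CLIENT_STREAM = (
    b"POST /old HTTP/1.1\r\nHost: app\r\nContent-Length: "
    + str(len(SMUGGLED_BODY)).encode()
    + b"\r\n\r\n"
    + SMUGGLED_BODY
)

# Hypothetical error_page-style rule: requests for /old are redirected to /new.
REDIRECTS = {b"/old": b"/new"}


def parse_head(stream, pos):
    """Parse a request line plus headers starting at pos.
    Returns (method, path, headers, body_start) or None if no complete head."""
    end = stream.find(b"\r\n\r\n", pos)
    if end < 0:
        return None
    lines = stream[pos:end].split(b"\r\n")
    method, path, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, end + 4


def handle_connection(stream, discard_body_on_redirect):
    """Service every request found on one keep-alive connection.
    Returns the list of (method, path, status) the backend answered.
    discard_body_on_redirect=False models the pre-fix behaviour (the body is
    left unread); True models the patched behaviour (body consumed and dropped)."""
    served = []
    pos = 0
    while pos < len(stream):
        parsed = parse_head(stream, pos)
        if parsed is None:
            break
        method, path, headers, body_start = parsed
        length = int(headers.get(b"content-length", b"0"))
        if path in REDIRECTS:
            served.append((method, path, 302))
            if discard_body_on_redirect:
                pos = body_start + length  # patched: skip past the body
            else:
                pos = body_start  # pre-fix: body stays in the buffer and is
                # parsed as the next request on this connection
        else:
            served.append((method, path, 200))
            pos = body_start + length
    return served


if __name__ == "__main__":
    print("pre-fix :", handle_connection(CLIENT_STREAM, False))
    print("patched :", handle_connection(CLIENT_STREAM, True))
```

With the pre-fix setting the backend services two requests from what the load balancer counted as one; with the body discarded it services only the redirect, so no response is left over to be attributed to the next request on the connection.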
Added:
head/www/nginx/files/patch-CVE-2019-20372 (contents, props changed)
Modified:
head/www/nginx/Makefile
Modified: head/www/nginx/Makefile
==============================================================================
--- head/www/nginx/Makefile Sun Feb 9 11:10:36 2020 (r525646)
+++ head/www/nginx/Makefile Sun Feb 9 11:16:40 2020 (r525647)
@@ -3,7 +3,7 @@
PORTNAME= nginx
PORTVERSION= 1.16.1
-PORTREVISION?= 10
+PORTREVISION?= 11
PORTEPOCH= 2
CATEGORIES= www
MASTER_SITES= https://nginx.org/download/ \
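Review bot: the PORTREVISION bump from 10 to 11 is the right accompaniment to adding a patch file, since the built package changes while PORTVERSION stays at 1.16.1; because the variable is set with `?=`, any port that overrides PORTREVISION while reusing this Makefile needs its own bump to pick up the fix.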
Added: head/www/nginx/files/patch-CVE-2019-20372
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/www/nginx/files/patch-CVE-2019-20372 Sun Feb 9 11:16:40 2020 (r525647)
@@ -0,0 +1,28 @@
+From 8bffc01d084b4881e3eed2052c115b8f04268cb9 Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru at nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 2c1ff174..e2a5e9dc 100644
+--- src/http/ngx_http_special_response.c
++++ src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+ return ngx_http_named_location(r, &uri);
+ }
+
++ r->expect_tested = 1;
++
++ if (ngx_http_discard_request_body(r) != NGX_OK) {
++ r->keepalive = 0;
++ }
++
+ location = ngx_list_push(&r->headers_out.headers);
+
+ if (location == NULL) {
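Review bot: the inserted discard sits after the `return ngx_http_named_location(r, &uri);` early return, so only the branch that emits a `Location` header gets its body consumed, which matches the subject line "when redirecting to a URL via error_page"; the named-location branch is unchanged by this patch and should be reviewed separately if it is also reachable with an unread body. Setting `r->keepalive = 0` when `ngx_http_discard_request_body(r)` fails is the correct fallback, since closing the connection is what stops leftover body bytes from being read as the next request. Note also that the embedded `---`/`+++` headers have been stripped of the `a/` and `b/` prefixes still present on the `diff --git` line, so the file applies at the ports framework's default -p0; that is intentional for a files/patch-* entry but worth keeping in mind if the patch is ever regenerated from upstream.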