Changes with nginx 1.4.4 19 Nov 2013v1.4.4

*) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team.
author: nginx <nginx@nginx.org> 2013-11-19 14:59:58 +0000
committer: Jon Kolb <jon@b0g.us> 2013-11-19 14:59:58 +0000
commit: 725c7e56ecdd6f7406fd220f5cdd7c9174b808e6 (patch)
tree: 3f639c340fed16db4ffc95eae4566d03771db688
parent: 660a81f910f1911f418c8550d6c83a355903d9bc (diff)
download: nginx-725c7e56ecdd6f7406fd220f5cdd7c9174b808e6.tar.gz
4 files changed, 20 insertions, 2 deletions
diff --git a/CHANGES b/CHANGES
index a35c22b90..4899a6d92 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,4 +1,12 @@
 
+Changes with nginx 1.4.4                                         19 Nov 2013
+
+    *) Security: a character following an unescaped space in a request line
+       was handled incorrectly (CVE-2013-4547); the bug had appeared in
+       0.8.41.
+       Thanks to Ivan Fratric of the Google Security Team.
+
+
 Changes with nginx 1.4.3                                         08 Oct 2013
 
     *) Bugfix: a segmentation fault might occur in a worker process if the
diff --git a/CHANGES.ru b/CHANGES.ru
index 34af0e8dd..2e12f09cd 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,12 @@
 
+Изменения в nginx 1.4.4                                           19.11.2013
+
+    *) Безопасность: символ, следующий за незакодированным пробелом в строке
+       запроса, обрабатывался неправильно (CVE-2013-4547); ошибка появилась
+       в 0.8.41.
+       Спасибо Ivan Fratric из Google Security Team.
+
+
 Изменения в nginx 1.4.3                                           08.10.2013
 
     *) Исправление: в рабочем процессе мог произойти segmentation fault,
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 2ce21ae19..609bdaa89 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version      1004003
-#define NGINX_VERSION      "1.4.3"
+#define nginx_version      1004004
+#define NGINX_VERSION      "1.4.4"
 #define NGINX_VER          "nginx/" NGINX_VERSION
 
 #define NGINX_VAR          "NGINX"
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 3c168aaf2..f8d5910dd 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
             default:
                 r->space_in_uri = 1;
                 state = sw_check_uri;
+                p--;
                 break;
             }
             break;
@@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
             default:
                 r->space_in_uri = 1;
                 state = sw_uri;
+                p--;
                 break;
             }
             break;
author	nginx <nginx@nginx.org>	2013-11-19 14:59:58 +0000
committer	Jon Kolb <jon@b0g.us>	2013-11-19 14:59:58 +0000
commit	725c7e56ecdd6f7406fd220f5cdd7c9174b808e6 (patch)
tree	3f639c340fed16db4ffc95eae4566d03771db688
parent	660a81f910f1911f418c8550d6c83a355903d9bc (diff)
download	nginx-725c7e56ecdd6f7406fd220f5cdd7c9174b808e6.tar.gz