author | nginx <nginx@nginx.org> | 2013-11-19 14:59:58 +0000 |
---|---|---|
committer | Jon Kolb <jon@b0g.us> | 2013-11-19 14:59:58 +0000 |
commit | 725c7e56ecdd6f7406fd220f5cdd7c9174b808e6 (patch) | |
tree | 3f639c340fed16db4ffc95eae4566d03771db688 | |
parent | 660a81f910f1911f418c8550d6c83a355903d9bc (diff) | |
download | nginx-725c7e56ecdd6f7406fd220f5cdd7c9174b808e6.tar.gz |
Changes with nginx 1.4.4 19 Nov 2013 v1.4.4
*) Security: a character following an unescaped space in a request line
was handled incorrectly (CVE-2013-4547); the bug had appeared in
0.8.41.
Thanks to Ivan Fratric of the Google Security Team.
-rw-r--r-- | CHANGES | 8 | ||||
-rw-r--r-- | CHANGES.ru | 8 | ||||
-rw-r--r-- | src/core/nginx.h | 4 | ||||
-rw-r--r-- | src/http/ngx_http_parse.c | 2 |
4 files changed, 20 insertions, 2 deletions
@@ -1,4 +1,12 @@
+Changes with nginx 1.4.4 19 Nov 2013
+
+ *) Security: a character following an unescaped space in a request line
+ was handled incorrectly (CVE-2013-4547); the bug had appeared in
+ 0.8.41.
+ Thanks to Ivan Fratric of the Google Security Team.
+
+
 Changes with nginx 1.4.3 08 Oct 2013
 *) Bugfix: a segmentation fault might occur in a worker process if the
diff --git a/CHANGES.ru b/CHANGES.ru
index 34af0e8dd..2e12f09cd 100644
--- a/CHANGES.ru
+++ b/CHANGES.ru
@@ -1,4 +1,12 @@
+Изменения в nginx 1.4.4 19.11.2013
+
+ *) Безопасность: символ, следующий за незакодированным пробелом в строке
+ запроса, обрабатывался неправильно (CVE-2013-4547); ошибка появилась
+ в 0.8.41.
+ Спасибо Ivan Fratric из Google Security Team.
+
+
 Изменения в nginx 1.4.3 08.10.2013
 *) Исправление: в рабочем процессе мог произойти segmentation fault,
diff --git a/src/core/nginx.h b/src/core/nginx.h
index 2ce21ae19..609bdaa89 100644
--- a/src/core/nginx.h
+++ b/src/core/nginx.h
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
-#define nginx_version 1004003
-#define NGINX_VERSION "1.4.3"
+#define nginx_version 1004004
+#define NGINX_VERSION "1.4.4"
 #define NGINX_VER "nginx/" NGINX_VERSION
 #define NGINX_VAR "NGINX"
diff --git a/src/http/ngx_http_parse.c b/src/http/ngx_http_parse.c
index 3c168aaf2..f8d5910dd 100644
--- a/src/http/ngx_http_parse.c
+++ b/src/http/ngx_http_parse.c
@@ -614,6 +614,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
 default:
 r->space_in_uri = 1;
 state = sw_check_uri;
+ p--;
 break;
 }
 break;
@@ -667,6 +668,7 @@ ngx_http_parse_request_line(ngx_http_request_t *r, ngx_buf_t *b)
 default:
 r->space_in_uri = 1;
 state = sw_uri;
+ p--;
 break;
 }
 break;
|
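Review bot: The added `p--;` in the `default:` branch of both ngx_http_parse.c hunks (the one that sets `state = sw_check_uri` and the one that sets `state = sw_uri`) has no comment, and a bare pointer decrement in a parser switch is easy to drop in a later cleanup. It appears to rely on the enclosing loop advancing `p` once per iteration, so that the character after the unescaped space is examined again under the new state rather than skipped; that loop and the start of ngx_http_parse_request_line are outside both hunks. I would put `/* re-scan this character in the new state so it gets the normal URI checks */` above each decrement. No test accompanies the change; a request-line parser case with an unescaped space followed by an ordinary character would guard against CVE-2013-4547 regressing.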