diff options
| author | nginx <nginx@nginx.org> | 2013-05-13 11:30:14 +0000 |
|---|---|---|
| committer | Jon Kolb <jon@b0g.us> | 2013-05-13 11:30:14 +0000 |
| commit | a1b66faf4aa5bff110cac0f93bbb77abb78658b2 (patch) | |
| tree | 210d3bcb5c0e4dffd3666fc69b2084ca2faf045a /src/http/modules | |
| parent | 3f85d9c48a5764419dcfd4a8903167ba6180c1aa (diff) | |
| download | nginx-1.2.tar.gz | |
*) Security: contents of worker process memory might be sent to a client
if HTTP backend returned specially crafted response (CVE-2013-2070);
the bug had appeared in 1.1.4.
Diffstat (limited to 'src/http/modules')
| -rw-r--r-- | src/http/modules/ngx_http_proxy_module.c | 4 | ||||
| -rw-r--r-- | src/http/modules/perl/nginx.pm | 2 |
2 files changed, 5 insertions, 1 deletions
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c index 977bed73c..0566213db 100644 --- a/src/http/modules/ngx_http_proxy_module.c +++ b/src/http/modules/ngx_http_proxy_module.c @@ -1865,6 +1865,10 @@ data: } + if (ctx->size < 0 || ctx->length < 0) { + goto invalid; + } + return rc; done: diff --git a/src/http/modules/perl/nginx.pm b/src/http/modules/perl/nginx.pm index 27a6f55a4..32684feac 100644 --- a/src/http/modules/perl/nginx.pm +++ b/src/http/modules/perl/nginx.pm @@ -50,7 +50,7 @@ our @EXPORT = qw( HTTP_INSUFFICIENT_STORAGE ); -our $VERSION = '1.2.8'; +our $VERSION = '1.2.9'; require XSLoader; XSLoader::load('nginx', $VERSION); |