漏洞介绍:
As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service.
补丁说明:
进入Nginx源码包,找到src/http/ngx_http_parse.c 文件,修改:
u -= 4;
if (u < r->uri.data) {
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
while (*(u - 1) != '/') {
为
u -= 5;
for ( ;; ) {
if (u < r->uri.data) {
return NGX_HTTP_PARSE_INVALID_REQUEST;
}
if (*u == '/') {
u++;
break;
}
然后重新编译。
官网补丁说明:
Index: src/http/ngx_http_parse.c
===================================================================
--- src/http/ngx_http_parse.c (revision 2410)
+++ src/http/ngx_http_parse.c (revision 2411)
@@ -1134,11 +1134,15 @@
#endif
case '/':
state = sw_slash;
- u -= 4;
- if (u < r->uri.data) {
- return NGX_HTTP_PARSE_INVALID_REQUEST;
- }
- while (*(u - 1) != '/') {
+ u -= 5;
+ for ( ;; ) {
+ if (u < r->uri.data) {
+ return NGX_HTTP_PARSE_INVALID_REQUEST;
+ }
+ if (*u == '/') {
+ u++;
+ break;
+ }
u--;
}
break;
阅读(1516) | 评论(0) | 转发(0) |