MFH: r525647

Add patch for CVE-2019-20372 NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372 PR: 243952 Reported by: koobs and many more Security: c1202de8-4b29-11ea-9673-4c72b94353b5 Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat)
svn path=/branches/2020Q1/; revision=525648
2020-02-09 11:19:01 +00:00 · 2020-02-09 11:19:01 +00:00 · afb0d9cb49 · 2021-03-31 03:12:20 +00:00
commit afb0d9cb49
parent 0dfde32246
2 changed files with 29 additions and 1 deletions
--- a/www/nginx/Makefile
+++ b/www/nginx/Makefile
@ -3,7 +3,7 @@

 PORTNAME=	nginx
 PORTVERSION=	1.16.1
-PORTREVISION?=	8
+PORTREVISION?=	11
 PORTEPOCH=	2
 CATEGORIES=	www
 MASTER_SITES=	https://nginx.org/download/ \
--- a/www/nginx/files/patch-CVE-2019-20372
+++ b/www/nginx/files/patch-CVE-2019-20372
@ -0,0 +1,28 @@
+From 8bffc01d084b4881e3eed2052c115b8f04268cb9 Mon Sep 17 00:00:00 2001
+From: Ruslan Ermilov <ru@nginx.com>
+Date: Mon, 23 Dec 2019 15:45:46 +0300
+Subject: [PATCH] Discard request body when redirecting to a URL via
+ error_page.
+
+Reported by Bert JW Regeer and Francisco Oca Gonzalez.
+---
+ src/http/ngx_http_special_response.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/http/ngx_http_special_response.c b/src/http/ngx_http_special_response.c
+index 2c1ff174..e2a5e9dc 100644
+--- src/http/ngx_http_special_response.c
+++ src/http/ngx_http_special_response.c
+@@ -623,6 +623,12 @@ ngx_http_send_error_page(ngx_http_request_t *r, ngx_http_err_page_t *err_page)
+         return ngx_http_named_location(r, &uri);
+     }
+ 
+    r->expect_tested = 1;
+
+    if (ngx_http_discard_request_body(r) != NGX_OK) {
+        r->keepalive = 0;
+    }
+
+     location = ngx_list_push(&r->headers_out.headers);
+ 
+     if (location == NULL) {