nginx 漏洞(适用于0.1.0-0.8.14)补丁
生活随笔
收集整理的這篇文章主要介紹了
nginx 漏洞(适用于0.1.0-0.8.14)补丁
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
nginx 漏洞(適用于0.1.0-0.8.14)補(bǔ)丁 文章來源:http://xok.la/ 漏洞介紹:
http://www.kb.cert.org/vuls/id/180065 As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service. 補(bǔ)丁說明:http://sysoev.ru/nginx/patch.180065.txt 進(jìn)入Nginx源碼包,找到src/http/ngx_http_parse.c 文件,修改: ? u -= 4;????
???????????? if (u < r->uri.data) {????
???????????????????????? return NGX_HTTP_PARSE_INVALID_REQUEST;????
????????????????????????????????????????????????????????????????}????
???????????????????? while (*(u - 1) != '/') { 為 u -= 5;?
????????for ( ;; ) {?
?????????????if (u < r->uri.data) {?
?????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
????????????????????????????????????????}?
??????????????if (*u == '/') {?
??????????????????????????????????u++;?
??????????????????????????????????break;?
????????????????????????????????}
然后重新編譯。 官網(wǎng)補(bǔ)丁說明: Index: src/http/ngx_http_parse.c
===================================================================
--- src/http/ngx_http_parse.c (revision 2410)
+++ src/http/ngx_http_parse.c (revision 2411)
@@ -1134,11 +1134,15 @@
#endif
???????????????????????? case '/':
???????????????????????????????? state = sw_slash;
-????????????????????????????????u -= 4;
-????????????????????????????????if (u < r->uri.data) {
-????????????????????????????????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
-????????????????????????????????}
-????????????????????????????????while (*(u - 1) != '/') {
+????????????????????????????????u -= 5;
+????????????????????????????????for ( ;; ) {
+????????????????????????????????????????if (u < r->uri.data) {
+????????????????????????????????????????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
+????????????????????????????????????????}
+????????????????????????????????????????if (*u == '/') {
+????????????????????????????????????????????????u++;
+????????????????????????????????????????????????break;
+????????????????????????????????????????}
???????????????????????????????????????? u--;
???????????????????????????????? }
???????????????????????????????? break;
轉(zhuǎn)載于:https://blog.51cto.com/cqfish/202987
總結(jié)
以上是生活随笔為你收集整理的nginx 漏洞(适用于0.1.0-0.8.14)补丁的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: 趣味编程:C#中Specificatio
- 下一篇: Linux网络协议栈(二)——套接字缓存