日韩性视频-久久久蜜桃-www中文字幕-在线中文字幕av-亚洲欧美一区二区三区四区-撸久久-香蕉视频一区-久久无码精品丰满人妻-国产高潮av-激情福利社-日韩av网址大全-国产精品久久999-日本五十路在线-性欧美在线-久久99精品波多结衣一区-男女午夜免费视频-黑人极品ⅴideos精品欧美棵-人人妻人人澡人人爽精品欧美一区-日韩一区在线看-欧美a级在线免费观看

歡迎訪問 生活随笔!

生活随笔

當前位置: 首頁 > 编程资源 > 编程问答 >内容正文

编程问答

nginx 漏洞(适用于0.1.0-0.8.14)补丁

發布時間:2024/4/11 编程问答 29 豆豆
生活随笔 收集整理的這篇文章主要介紹了 nginx 漏洞(适用于0.1.0-0.8.14)补丁 小編覺得挺不錯的,現在分享給大家,幫大家做個參考.

nginx 漏洞(適用于0.1.0-0.8.14)補丁 文章來源:http://xok.la/ 漏洞介紹:
http://www.kb.cert.org/vuls/id/180065 As with a number of other web servers, nginx is designed to operate with a single privileged master process and multiple unprivileged worker processes handling specific requests. A remote, unauthenticated attacker may be able to execute arbitrary code in the context of the worker process or cause the worker process to crash, resulting in a denial of service. 補丁說明:http://sysoev.ru/nginx/patch.180065.txt 進入Nginx源碼包,找到src/http/ngx_http_parse.c 文件,修改: ? u -= 4;????
???????????? if (u < r->uri.data) {????
???????????????????????? return NGX_HTTP_PARSE_INVALID_REQUEST;????
????????????????????????????????????????????????????????????????}????
???????????????????? while (*(u - 1) != '/') { u -= 5;?
????????for ( ;; ) {?
?????????????if (u < r->uri.data) {?
?????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
????????????????????????????????????????}?
??????????????if (*u == '/') {?
??????????????????????????????????u++;?
??????????????????????????????????break;?
????????????????????????????????}
然后重新編譯。 官網補丁說明: Index: src/http/ngx_http_parse.c
===================================================================
--- src/http/ngx_http_parse.c (revision 2410)
+++ src/http/ngx_http_parse.c (revision 2411)
@@ -1134,11 +1134,15 @@
#endif
???????????????????????? case '/':
???????????????????????????????? state = sw_slash;
-????????????????????????????????u -= 4;
-????????????????????????????????if (u < r->uri.data) {
-????????????????????????????????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
-????????????????????????????????}
-????????????????????????????????while (*(u - 1) != '/') {
+????????????????????????????????u -= 5;
+????????????????????????????????for ( ;; ) {
+????????????????????????????????????????if (u < r->uri.data) {
+????????????????????????????????????????????????return NGX_HTTP_PARSE_INVALID_REQUEST;
+????????????????????????????????????????}
+????????????????????????????????????????if (*u == '/') {
+????????????????????????????????????????????????u++;
+????????????????????????????????????????????????break;
+????????????????????????????????????????}
???????????????????????????????????????? u--;
???????????????????????????????? }
???????????????????????????????? break;

轉載于:https://blog.51cto.com/cqfish/202987

總結

以上是生活随笔為你收集整理的nginx 漏洞(适用于0.1.0-0.8.14)补丁的全部內容,希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯,歡迎將生活随笔推薦給好友。