main/nginx/CVE-2017-7529.patch


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

Patch-Source: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

--- a/src/http/modules/ngx_http_range_filter_module.c
+++ b/src/http/modules/ngx_http_range_filter_module.c
@@ -377,6 +377,10 @@ ngx_http_range_parse(ngx_http_request_t 
             range->start = start;
             range->end = end;
 
+            if (size > NGX_MAX_OFF_T_VALUE - (end - start)) {
+                return NGX_HTTP_RANGE_NOT_SATISFIABLE;
+            }
+
             size += end - start;
 
             if (ranges-- == 0) {