Resolves: #1975747 - CVE-2021-3618 nginx: ALPACA: Application Layer Protocol
Confusion Analyzing and Mitigating Cracks in TLS Authentication
This commit is contained in:
parent
64bb1908b9
commit
eadc7868df
96
0006-Fix-ALPACA-security-issue.patch
Normal file
96
0006-Fix-ALPACA-security-issue.patch
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
From ee8ea4f1c88a0393206769cd30a545dc3375f868 Mon Sep 17 00:00:00 2001
|
||||||
|
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
|
||||||
|
Date: Wed, 2 Feb 2022 20:14:55 +0100
|
||||||
|
Subject: [PATCH] Fix ALPACA security issue
|
||||||
|
|
||||||
|
---
|
||||||
|
src/mail/ngx_mail.h | 3 +++
|
||||||
|
src/mail/ngx_mail_core_module.c | 10 ++++++++++
|
||||||
|
src/mail/ngx_mail_handler.c | 15 ++++++++++++++-
|
||||||
|
3 files changed, 27 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/mail/ngx_mail.h b/src/mail/ngx_mail.h
|
||||||
|
index b865a3b..76cae37 100644
|
||||||
|
--- a/src/mail/ngx_mail.h
|
||||||
|
+++ b/src/mail/ngx_mail.h
|
||||||
|
@@ -115,6 +115,8 @@ typedef struct {
|
||||||
|
ngx_msec_t timeout;
|
||||||
|
ngx_msec_t resolver_timeout;
|
||||||
|
|
||||||
|
+ ngx_uint_t max_errors;
|
||||||
|
+
|
||||||
|
ngx_str_t server_name;
|
||||||
|
|
||||||
|
u_char *file_name;
|
||||||
|
@@ -231,6 +233,7 @@ typedef struct {
|
||||||
|
ngx_uint_t command;
|
||||||
|
ngx_array_t args;
|
||||||
|
|
||||||
|
+ ngx_uint_t errors;
|
||||||
|
ngx_uint_t login_attempt;
|
||||||
|
|
||||||
|
/* used to parse POP3/IMAP/SMTP command */
|
||||||
|
diff --git a/src/mail/ngx_mail_core_module.c b/src/mail/ngx_mail_core_module.c
|
||||||
|
index 4083124..115671c 100644
|
||||||
|
--- a/src/mail/ngx_mail_core_module.c
|
||||||
|
+++ b/src/mail/ngx_mail_core_module.c
|
||||||
|
@@ -85,6 +85,13 @@ static ngx_command_t ngx_mail_core_commands[] = {
|
||||||
|
offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
|
||||||
|
NULL },
|
||||||
|
|
||||||
|
+ { ngx_string("max_errors"),
|
||||||
|
+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
|
||||||
|
+ ngx_conf_set_num_slot,
|
||||||
|
+ NGX_MAIL_SRV_CONF_OFFSET,
|
||||||
|
+ offsetof(ngx_mail_core_srv_conf_t, max_errors),
|
||||||
|
+ NULL },
|
||||||
|
+
|
||||||
|
ngx_null_command
|
||||||
|
};
|
||||||
|
|
||||||
|
@@ -163,6 +170,8 @@ ngx_mail_core_create_srv_conf(ngx_conf_t *cf)
|
||||||
|
cscf->timeout = NGX_CONF_UNSET_MSEC;
|
||||||
|
cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
|
||||||
|
|
||||||
|
+ cscf->max_errors = NGX_CONF_UNSET_UINT;
|
||||||
|
+
|
||||||
|
cscf->resolver = NGX_CONF_UNSET_PTR;
|
||||||
|
|
||||||
|
cscf->file_name = cf->conf_file->file.name.data;
|
||||||
|
@@ -182,6 +191,7 @@ ngx_mail_core_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
|
||||||
|
ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
|
||||||
|
30000);
|
||||||
|
|
||||||
|
+ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
|
||||||
|
|
||||||
|
ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
|
||||||
|
|
||||||
|
diff --git a/src/mail/ngx_mail_handler.c b/src/mail/ngx_mail_handler.c
|
||||||
|
index 0aaa0e7..71b8151 100644
|
||||||
|
--- a/src/mail/ngx_mail_handler.c
|
||||||
|
+++ b/src/mail/ngx_mail_handler.c
|
||||||
|
@@ -871,7 +871,20 @@ ngx_mail_read_command(ngx_mail_session_t *s, ngx_connection_t *c)
|
||||||
|
return NGX_MAIL_PARSE_INVALID_COMMAND;
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
|
||||||
|
+ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
|
||||||
|
+
|
||||||
|
+ s->errors++;
|
||||||
|
+
|
||||||
|
+ if (s->errors >= cscf->max_errors) {
|
||||||
|
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
|
||||||
|
+ "client sent too many invalid commands");
|
||||||
|
+ s->quit = 1;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ return rc;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (rc == NGX_IMAP_NEXT) {
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -41,7 +41,7 @@
|
|||||||
Name: nginx
|
Name: nginx
|
||||||
Epoch: 1
|
Epoch: 1
|
||||||
Version: 1.20.1
|
Version: 1.20.1
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
|
|
||||||
Summary: A high performance web server and reverse proxy server
|
Summary: A high performance web server and reverse proxy server
|
||||||
# BSD License (two clause)
|
# BSD License (two clause)
|
||||||
@ -85,6 +85,9 @@ Patch3: 0004-Set-proper-compiler-optimalization-level-O2-for-perl.pat
|
|||||||
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
|
# downstream patch for RHEL - https://bugzilla.redhat.com/show_bug.cgi?id=2006420
|
||||||
Patch4: 0005-Init-openssl-engine-properly.patch
|
Patch4: 0005-Init-openssl-engine-properly.patch
|
||||||
|
|
||||||
|
# upstream patch - fixing ALPACA(CVE-2021-3618) security issue - https://bugzilla.redhat.com/show_bug.cgi?id=1975623
|
||||||
|
Patch5: 0006-Fix-ALPACA-security-issue.patch
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: gnupg2
|
BuildRequires: gnupg2
|
||||||
@ -584,6 +587,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Feb 02 2022 Luboš Uhliarik <luhliari@redhat.com> - 1:1.20.1-10
|
||||||
|
- Resolves: #1975747 - CVE-2021-3618 nginx: ALPACA: Application Layer Protocol
|
||||||
|
Confusion - Analyzing and Mitigating Cracks in TLS Authentication
|
||||||
|
|
||||||
* Thu Dec 2 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-9
|
* Thu Dec 2 2021 Joe Orton <jorton@redhat.com> - 1:1.20.1-9
|
||||||
- add delaycompress to logrotate config (#2015250)
|
- add delaycompress to logrotate config (#2015250)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user