fix for CVE-2021-3618 (rhbz#1975651)

Signed-off-by: Felix Kaechele <heffer@fedoraproject.org>
This commit is contained in:
Felix Kaechele 2021-06-24 21:31:53 -04:00
parent f0de5036a7
commit dc9dfb7a27
2 changed files with 98 additions and 1 deletions

91
ec1071830799 Normal file
View File

@ -0,0 +1,91 @@
# HG changeset patch
# User Maxim Dounin <mdounin@mdounin.ru>
# Date 1621383211 -10800
# Node ID ec107183079903013faee7e67e8721262fd95552
# Parent b38728495e1aa06b685dc42c909fb02d3cddecfa
Mail: max_errors directive.
Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands
in Exim, specifies the number of errors after which the connection is closed.
diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail.h
--- a/src/mail/ngx_mail.h Wed May 19 03:13:28 2021 +0300
+++ b/src/mail/ngx_mail.h Wed May 19 03:13:31 2021 +0300
@@ -115,6 +115,8 @@
ngx_msec_t timeout;
ngx_msec_t resolver_timeout;
+ ngx_uint_t max_errors;
+
ngx_str_t server_name;
u_char *file_name;
@@ -231,6 +233,7 @@
ngx_uint_t command;
ngx_array_t args;
+ ngx_uint_t errors;
ngx_uint_t login_attempt;
/* used to parse POP3/IMAP/SMTP command */
diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail_core_module.c
--- a/src/mail/ngx_mail_core_module.c Wed May 19 03:13:28 2021 +0300
+++ b/src/mail/ngx_mail_core_module.c Wed May 19 03:13:31 2021 +0300
@@ -85,6 +85,13 @@
offsetof(ngx_mail_core_srv_conf_t, resolver_timeout),
NULL },
+ { ngx_string("max_errors"),
+ NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1,
+ ngx_conf_set_num_slot,
+ NGX_MAIL_SRV_CONF_OFFSET,
+ offsetof(ngx_mail_core_srv_conf_t, max_errors),
+ NULL },
+
ngx_null_command
};
@@ -163,6 +170,8 @@
cscf->timeout = NGX_CONF_UNSET_MSEC;
cscf->resolver_timeout = NGX_CONF_UNSET_MSEC;
+ cscf->max_errors = NGX_CONF_UNSET_UINT;
+
cscf->resolver = NGX_CONF_UNSET_PTR;
cscf->file_name = cf->conf_file->file.name.data;
@@ -182,6 +191,7 @@
ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout,
30000);
+ ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5);
ngx_conf_merge_str_value(conf->server_name, prev->server_name, "");
diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail_handler.c
--- a/src/mail/ngx_mail_handler.c Wed May 19 03:13:28 2021 +0300
+++ b/src/mail/ngx_mail_handler.c Wed May 19 03:13:31 2021 +0300
@@ -874,7 +874,20 @@
return NGX_MAIL_PARSE_INVALID_COMMAND;
}
- if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
+ if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) {
+
+ s->errors++;
+
+ if (s->errors >= cscf->max_errors) {
+ ngx_log_error(NGX_LOG_INFO, c->log, 0,
+ "client sent too many invalid commands");
+ s->quit = 1;
+ }
+
+ return rc;
+ }
+
+ if (rc == NGX_IMAP_NEXT) {
return rc;
}

View File

@ -29,7 +29,7 @@
Name: nginx
Epoch: 1
Version: 1.20.1
Release: 2%{?dist}
Release: 3%{?dist}
Summary: A high performance web server and reverse proxy server
# BSD License (two clause)
@ -62,6 +62,9 @@ Patch0: 0001-remove-Werror-in-upstream-build-scripts.patch
# rejected upstream: https://trac.nginx.org/nginx/ticket/1897
Patch1: 0002-fix-PIDFile-handling.patch
# Fix for CVE-2021-3618: ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication
Patch2: http://hg.nginx.org/nginx/raw-rev/ec1071830799
BuildRequires: make
BuildRequires: gcc
BuildRequires: gnupg2
@ -503,6 +506,9 @@ fi
%changelog
* Fri Jun 25 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-3
- fix for CVE-2021-3618 (rhbz#1975651)
* Tue Jun 01 2021 Felix Kaechele <heffer@fedoraproject.org> - 1:1.20.1-2
- use different fix for rhbz#1683388 as it introduced permissions issues in 1:1.20.0-2