How to reproduce issue CVE-2016-4450?

石磊 shilei at qiyi.com
Mon Jun 6 01:50:28 UTC 2016


Thank you very much for the quick response.
So can I say that if nginx does not read the request body, it will not have the “CVE-2016-4450” issue?

Thanks!

From: 石磊
Sent: Friday, June 03, 2016 2:55 PM
To: 'nginx at nginx.org'
Subject: How to reproduce issue CVE-2016-4450?

Hi,

I am working on fixing issue CVE-2016-4450. It seems that if the request body is saved neither in memory nor in a file, it might crash when saving the request body to the temp file.
Could you tell me what kind of request body can trigger this issue? I want to reproduce it and evaluate whether to upgrade our nginx server.

Refer to CVE-2016-4450:
A problem was identified in nginx code responsible for saving
client request body to a temporary file.  A specially crafted request
might result in worker process crash due to a NULL pointer dereference
while writing client request body to a temporary file (CVE-2016-4450).

Thanks!


石  磊
Technology Product Center, Cloud Platform, Systems and Network

iQIYI
Address: 17th Floor, Hongcheng Tuozhan Building, No. 2 Haidian North 1st Street, Haidian District, Beijing
Postal code: 100080
Mobile: +86 138 1180 3496
Tel:
Fax: +86 10 6267 7000
Email: shilei at qiyi.com
Website: www.iQIYI.com  www.ppstream.com
