From 9a57a5bc9947dd73cbe060a0584599f694ef9c4d Mon Sep 17 00:00:00 2001 From: CoprDistGit Date: Tue, 19 May 2026 07:31:02 +0000 Subject: automatic import of nginx --- backport-CVE-2026-27651.patch | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 backport-CVE-2026-27651.patch (limited to 'backport-CVE-2026-27651.patch') diff --git a/backport-CVE-2026-27651.patch b/backport-CVE-2026-27651.patch new file mode 100644 index 0000000..65585ed --- /dev/null +++ b/backport-CVE-2026-27651.patch @@ -0,0 +1,28 @@ +From 9bc13718fe8a59a4538805516be7e141070c22d6 Mon Sep 17 00:00:00 2001 +From: Sergey Kandaurov +Date: Wed, 18 Mar 2026 16:39:37 +0400 +Subject: [PATCH] Mail: fixed clearing s->passwd in auth http requests. + +Previously, it was not properly cleared retaining length as part of +authenticating with CRAM-MD5 and APOP methods that expect to receive +password in auth response. This resulted in null pointer dereference +and worker process crash in subsequent auth attempts with CRAM-MD5. + +Reported by Arkadi Vainbrand. +--- + src/mail/ngx_mail_auth_http_module.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mail/ngx_mail_auth_http_module.c b/src/mail/ngx_mail_auth_http_module.c +index 4ca6d6e24d..3e5095a2d2 100644 +--- a/src/mail/ngx_mail_auth_http_module.c ++++ b/src/mail/ngx_mail_auth_http_module.c +@@ -1328,7 +1328,7 @@ ngx_mail_auth_http_create_request(ngx_mail_session_t *s, ngx_pool_t *pool, + b->last = ngx_cpymem(b->last, "Auth-Salt: ", sizeof("Auth-Salt: ") - 1); + b->last = ngx_copy(b->last, s->salt.data, s->salt.len); + +- s->passwd.data = NULL; ++ ngx_str_null(&s->passwd); + } + + b->last = ngx_cpymem(b->last, "Auth-Protocol: ", -- cgit v1.2.3