Hi, I am working on the fixing of issue CVE-2016-4450, it seems that if the request body is neither saved in the memory nor in file, it might crash when save the request body to the temp file. Could you instruct me what kind of request body can trigger this issue? I want to reproduce it, and evaluate the whether upgrade our nginx server.
Refer to CVE-2016-4450: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). Thanks! 石 磊 技术产品中心云平台系统网络 [邮件签名logo] 爱奇艺公司 地址:北京市海淀区海淀北一街2号鸿诚拓展大厦17层 邮编:100080 手机:+86 138 1180 3496 电话: 传真:+86 10 6267 7000 邮箱:[email protected]<mailto:[email protected]> 网址:www.iQIYI.com www.ppstream.com<http://www.ppstream.com/>
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
