Download raw body.
[PATCH] fix CVE-2025-53859 for www/nginx
On 2025/08/17 15:52, Sergey A. Osokin wrote:
> Hi Rafael,
>
> On Sun, Aug 17, 2025 at 03:33:29PM +0000, Sergey A. Osokin wrote:
> > On Sun, Aug 17, 2025 at 04:23:14PM +0200, Rafael Sadowski wrote:
> > > On Sat Aug 16, 2025 at 04:48:08PM +0000, Sergey A. Osokin wrote:
> > > >
> > > > here's the update for the www/nginx port, it fixes the
> > > > CVE-2025-53859 security issue with the product.
> > >
> > > Could we have patch under patches like we do in all other ports?
> >
> > Sure, let's me do that.
> > Thank you for the initial review.
>
> The updated patch is attached to the email.
> Thank you.
>
> --
> Sergey A. Osokin
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/nginx/Makefile,v
> diff -u -p -r1.193 Makefile
> --- Makefile 24 Jul 2025 23:20:36 -0000 1.193
> +++ Makefile 17 Aug 2025 15:48:42 -0000
> @@ -21,9 +21,9 @@ COMMENT-stream= nginx TCP/UDP proxy mod
> COMMENT-xslt= nginx XSLT filter module
>
> VERSION= 1.28.0
> -REVISION= 1
> -REVISION-njs= 2
> -REVISION-passenger= 2
> +REVISION= 2
> +REVISION-njs= 3
> +REVISION-passenger= 3
unless I'm mistaken about the scope of this, I think you should
probably bump REVISION-mailproxy to 2, and leave the other REVISIONs
alone.
> DISTNAME= nginx-${VERSION}
> CATEGORIES= www
>
> Index: patches/patch-src_mail_ngx_mail_handler_c
> ===================================================================
> RCS file: patches/patch-src_mail_ngx_mail_handler_c
> diff -N patches/patch-src_mail_ngx_mail_handler_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_mail_ngx_mail_handler_c 17 Aug 2025 15:48:43 -0000
> @@ -0,0 +1,125 @@
> +Index: src/mail/ngx_mail_handler.c
> +--- src/mail/ngx_mail_handler.c.orig
> ++++ src/mail/ngx_mail_handler.c
> +@@ -523,7 +523,7 @@ ngx_mail_starttls_only(ngx_mail_session_t *s, ngx_conn
> + ngx_int_t
> + ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connection_t *c, ngx_uint_t n)
> + {
> +- u_char *p, *last;
> ++ u_char *p, *pos, *last;
> + ngx_str_t *arg, plain;
> +
> + arg = s->args.elts;
> +@@ -555,7 +555,7 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connect
> + return NGX_MAIL_PARSE_INVALID_COMMAND;
> + }
> +
> +- s->login.data = p;
> ++ pos = p;
> +
> + while (p < last && *p) { p++; }
> +
> +@@ -565,7 +565,8 @@ ngx_mail_auth_plain(ngx_mail_session_t *s, ngx_connect
> + return NGX_MAIL_PARSE_INVALID_COMMAND;
> + }
> +
> +- s->login.len = p++ - s->login.data;
> ++ s->login.len = p++ - pos;
> ++ s->login.data = pos;
> +
> + s->passwd.len = last - p;
> + s->passwd.data = p;
> +@@ -583,24 +584,26 @@ ngx_int_t
> + ngx_mail_auth_login_username(ngx_mail_session_t *s, ngx_connection_t *c,
> + ngx_uint_t n)
> + {
> +- ngx_str_t *arg;
> ++ ngx_str_t *arg, login;
> +
> + arg = s->args.elts;
> +
> + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
> + "mail auth login username: \"%V\"", &arg[n]);
> +
> +- s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
> +- if (s->login.data == NULL) {
> ++ login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[n].len));
> ++ if (login.data == NULL) {
> + return NGX_ERROR;
> + }
> +
> +- if (ngx_decode_base64(&s->login, &arg[n]) != NGX_OK) {
> ++ if (ngx_decode_base64(&login, &arg[n]) != NGX_OK) {
> + ngx_log_error(NGX_LOG_INFO, c->log, 0,
> + "client sent invalid base64 encoding in AUTH LOGIN command");
> + return NGX_MAIL_PARSE_INVALID_COMMAND;
> + }
> +
> ++ s->login = login;
> ++
> + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
> + "mail auth login username: \"%V\"", &s->login);
> +
> +@@ -611,7 +614,7 @@ ngx_mail_auth_login_username(ngx_mail_session_t *s, ng
> + ngx_int_t
> + ngx_mail_auth_login_password(ngx_mail_session_t *s, ngx_connection_t *c)
> + {
> +- ngx_str_t *arg;
> ++ ngx_str_t *arg, passwd;
> +
> + arg = s->args.elts;
> +
> +@@ -620,18 +623,19 @@ ngx_mail_auth_login_password(ngx_mail_session_t *s, ng
> + "mail auth login password: \"%V\"", &arg[0]);
> + #endif
> +
> +- s->passwd.data = ngx_pnalloc(c->pool,
> +- ngx_base64_decoded_length(arg[0].len));
> +- if (s->passwd.data == NULL) {
> ++ passwd.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
> ++ if (passwd.data == NULL) {
> + return NGX_ERROR;
> + }
> +
> +- if (ngx_decode_base64(&s->passwd, &arg[0]) != NGX_OK) {
> ++ if (ngx_decode_base64(&passwd, &arg[0]) != NGX_OK) {
> + ngx_log_error(NGX_LOG_INFO, c->log, 0,
> + "client sent invalid base64 encoding in AUTH LOGIN command");
> + return NGX_MAIL_PARSE_INVALID_COMMAND;
> + }
> +
> ++ s->passwd = passwd;
> ++
> + #if (NGX_DEBUG_MAIL_PASSWD)
> + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
> + "mail auth login password: \"%V\"", &s->passwd);
> +@@ -674,23 +678,25 @@ ngx_int_t
> + ngx_mail_auth_cram_md5(ngx_mail_session_t *s, ngx_connection_t *c)
> + {
> + u_char *p, *last;
> +- ngx_str_t *arg;
> ++ ngx_str_t *arg, login;
> +
> + arg = s->args.elts;
> +
> + ngx_log_debug1(NGX_LOG_DEBUG_MAIL, c->log, 0,
> + "mail auth cram-md5: \"%V\"", &arg[0]);
> +
> +- s->login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
> +- if (s->login.data == NULL) {
> ++ login.data = ngx_pnalloc(c->pool, ngx_base64_decoded_length(arg[0].len));
> ++ if (login.data == NULL) {
> + return NGX_ERROR;
> + }
> +
> +- if (ngx_decode_base64(&s->login, &arg[0]) != NGX_OK) {
> ++ if (ngx_decode_base64(&login, &arg[0]) != NGX_OK) {
> + ngx_log_error(NGX_LOG_INFO, c->log, 0,
> + "client sent invalid base64 encoding in AUTH CRAM-MD5 command");
> + return NGX_MAIL_PARSE_INVALID_COMMAND;
> + }
> ++
> ++ s->login = login;
> +
> + p = s->login.data;
> + last = p + s->login.len;
[PATCH] fix CVE-2025-53859 for www/nginx