Thank you very much for the quick response. So can I say that if the nginx do not read the request body, it will not have the “CVE-2016-4450” issue?
Thanks! From: 石磊 Sent: Friday, June 03, 2016 2:55 PM To: '[email protected]' Subject: How to reproduce issue CVE-2016-4450? Hi, I am working on the fixing of issue CVE-2016-4450, it seems that if the request body is neither saved in the memory nor in file, it might crash when save the request body to the temp file. Could you instruct me what kind of request body can trigger this issue? I want to reproduce it, and evaluate the whether upgrade our nginx server. Refer to CVE-2016-4450: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). Thanks! 石 磊 技术产品中心云平台系统网络 [邮件签名logo] 爱奇艺公司 地址:北京市海淀区海淀北一街2号鸿诚拓展大厦17层 邮编:100080 手机:+86 138 1180 3496 电话: 传真:+86 10 6267 7000 邮箱:[email protected]<mailto:[email protected]> 网址:www.iQIYI.com<http://www.iQIYI.com> www.ppstream.com<http://www.ppstream.com/>
_______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
