186526/openresty
1
0
Fork 0
mirror of https://github.com/openresty/openresty.git synced 2024-10-13 00:29:41 +00:00
Code Issues Projects Releases Wiki Activity

bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845).

Browse Source 
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
This commit is contained in:
Datong Sun
2018-11-08 18:57:35 -08:00
committed by Thibault Charbonnier
parent cf7516fcbc
commit d5f48a8b75
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
patches/patch.2018.mp4.txt Normal file
View File

@ -0,0 +1,16 @@
--- src/http/modules/ngx_http_mp4_module.c
+++ src/http/modules/ngx_http_mp4_module.c
@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file
atom_size = ngx_mp4_get_64value(atom_header + 8);
atom_header_size = sizeof(ngx_mp4_atom_header64_t);
+ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "\"%s\" mp4 atom is too small:%uL",
+ mp4->file.name.data, atom_size);
+ return NGX_ERROR;
+ }
+
} else {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
"\"%s\" mp4 atom is too small:%uL",