bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845).

Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>
pull/515/head
Datong Sun 6 years ago committed by Thibault Charbonnier
parent cf7516fcbc
commit d5f48a8b75

@ -0,0 +1,16 @@
--- src/http/modules/ngx_http_mp4_module.c
+++ src/http/modules/ngx_http_mp4_module.c
@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file
atom_size = ngx_mp4_get_64value(atom_header + 8);
atom_header_size = sizeof(ngx_mp4_atom_header64_t);
+ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "\"%s\" mp4 atom is too small:%uL",
+ mp4->file.name.data, atom_size);
+ return NGX_ERROR;
+ }
+
} else {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
"\"%s\" mp4 atom is too small:%uL",

@ -404,6 +404,20 @@ if [ "$main_ver" = "1.13.6" ]; then
echo echo
fi fi
answer=`$root/util/ver-ge "$main_ver" 1.14.1`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
echo
else
answer=`$root/util/ver-ge "$main_ver" 1.15.6`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"
patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1
echo
fi
fi
rm -f *.patch || exit 1 rm -f *.patch || exit 1
echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx" echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"

Loading…
Cancel
Save