mirror of https://github.com/openresty/openresty
bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845).
Signed-off-by: Thibault Charbonnier <thibaultcha@me.com>pull/515/head
parent
cf7516fcbc
commit
d5f48a8b75
@ -0,0 +1,16 @@
|
||||
--- src/http/modules/ngx_http_mp4_module.c
|
||||
+++ src/http/modules/ngx_http_mp4_module.c
|
||||
@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file
|
||||
atom_size = ngx_mp4_get_64value(atom_header + 8);
|
||||
atom_header_size = sizeof(ngx_mp4_atom_header64_t);
|
||||
|
||||
+ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
|
||||
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
||||
+ "\"%s\" mp4 atom is too small:%uL",
|
||||
+ mp4->file.name.data, atom_size);
|
||||
+ return NGX_ERROR;
|
||||
+ }
|
||||
+
|
||||
} else {
|
||||
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
||||
"\"%s\" mp4 atom is too small:%uL",
|
Loading…
Reference in New Issue