mirror/nginx
1
0
Fork 0
mirror of https://github.com/nginx/nginx.git synced 2025-06-07 17:52:38 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Mp4: fixed reading 64-bit atoms.

Browse Source 
Previously there was no validation for the size of a 64-bit atom
in an mp4 file.  This could lead to a CPU hog when the size is 0,
or various other problems due to integer underflow when calculating
atom data size, including segmentation fault or worker process
memory disclosure.
This commit is contained in:
Roman Arutyunyan 2018-11-06 16:29:18 +03:00
parent b66ee453cc
commit 9cd9526ba6
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/http/modules/ngx_http_mp4_module.c
View File

@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
atom_size = ngx_mp4_get_64value(atom_header + 8); atom_size = ngx_mp4_get_64value(atom_header + 8);
atom_header_size = sizeof(ngx_mp4_atom_header64_t); atom_header_size = sizeof(ngx_mp4_atom_header64_t);
if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
"\"%s\" mp4 atom is too small:%uL",
mp4->file.name.data, atom_size);
return NGX_ERROR;
}
} else { } else {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
"\"%s\" mp4 atom is too small:%uL", "\"%s\" mp4 atom is too small:%uL",