Blame SOURCES/nginx-1.8.1-CVE-2018-16845.patch
|
 |
795e49 |
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
|
|
|
795e49 |
index 980bf57..b165d79 100644
|
|
|
795e49 |
--- a/src/http/modules/ngx_http_mp4_module.c
|
|
|
795e49 |
+++ b/src/http/modules/ngx_http_mp4_module.c
|
|
|
795e49 |
@@ -896,6 +896,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
|
|
|
795e49 |
atom_size = ngx_mp4_get_64value(atom_header + 8);
|
|
|
795e49 |
atom_header_size = sizeof(ngx_mp4_atom_header64_t);
|
|
|
795e49 |
|
|
|
795e49 |
+ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
|
|
|
795e49 |
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
|
|
795e49 |
+ "\"%s\" mp4 atom is too small:%uL",
|
|
|
795e49 |
+ mp4->file.name.data, atom_size);
|
|
|
795e49 |
+ return NGX_ERROR;
|
|
|
795e49 |
+ }
|
|
|
795e49 |
+
|
|
|
795e49 |
} else {
|
|
|
795e49 |
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
|
|
|
795e49 |
"\"%s\" mp4 atom is too small:%uL",
|