From d5f48a8b75052b1ab6a74d1257ae6b02c737face Mon Sep 17 00:00:00 2001 From: Datong Sun Date: Thu, 8 Nov 2018 18:57:35 -0800 Subject: [PATCH] bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16845). Signed-off-by: Thibault Charbonnier --- patches/patch.2018.mp4.txt | 16 ++++++++++++++++ util/mirror-tarballs | 14 ++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 patches/patch.2018.mp4.txt diff --git a/patches/patch.2018.mp4.txt b/patches/patch.2018.mp4.txt new file mode 100644 index 0000000..d2f9e64 --- /dev/null +++ b/patches/patch.2018.mp4.txt @@ -0,0 +1,16 @@ +--- src/http/modules/ngx_http_mp4_module.c ++++ src/http/modules/ngx_http_mp4_module.c +@@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file + atom_size = ngx_mp4_get_64value(atom_header + 8); + atom_header_size = sizeof(ngx_mp4_atom_header64_t); + ++ if (atom_size < sizeof(ngx_mp4_atom_header64_t)) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "\"%s\" mp4 atom is too small:%uL", ++ mp4->file.name.data, atom_size); ++ return NGX_ERROR; ++ } ++ + } else { + ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, + "\"%s\" mp4 atom is too small:%uL", diff --git a/util/mirror-tarballs b/util/mirror-tarballs index 8c08c91..116fe61 100755 --- a/util/mirror-tarballs +++ b/util/mirror-tarballs @@ -404,6 +404,20 @@ if [ "$main_ver" = "1.13.6" ]; then echo fi +answer=`$root/util/ver-ge "$main_ver" 1.14.1` +if [ "$answer" = "N" ]; then + echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)" + patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1 + echo +else + answer=`$root/util/ver-ge "$main_ver" 1.15.6` + if [ "$answer" = "N" ]; then + echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)" + patch -p0 < $root/patches/patch.2018.mp4.txt || exit 1 + echo + fi +fi + rm -f *.patch || exit 1 echo "$info_txt applying the always_enable_cc_feature_tests patch to nginx"