automatic import of nginxopeneuler24.03_LTS

author: CoprDistGit <infra@openeuler.org> 2024-10-31 07:11:45 +0000
committer: CoprDistGit <infra@openeuler.org> 2024-10-31 07:11:45 +0000
commit: 6c94cd3bcc5f9cae45fa80e3048d7cb395f05796 (patch)
tree: d912ce6e29bf07d987257bba72caf31c5473c4b6 /backport-CVE-2024-7347.patch
parent: 85df9bedbac03a69d4687d8a3d75fe5e6ba2dce7 (diff)
1 files changed, 43 insertions, 0 deletions
diff --git a/backport-CVE-2024-7347.patch b/backport-CVE-2024-7347.patch
new file mode 100644
index 0000000..d4e44c8
--- /dev/null
+++ b/backport-CVE-2024-7347.patch
@@ -0,0 +1,43 @@
+diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
+--- a/src/http/modules/ngx_http_mp4_module.c
++++ b/src/http/modules/ngx_http_mp4_module.c
+@@ -3099,7 +3099,8 @@ static ngx_int_t
+ ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
+     ngx_http_mp4_trak_t *trak, ngx_uint_t start)
+ {
+-    uint32_t               start_sample, chunk, samples, id, next_chunk, n,
++    uint64_t               n;
++    uint32_t               start_sample, chunk, samples, id, next_chunk,
+                            prev_samples;
+     ngx_buf_t             *data, *buf;
+     ngx_uint_t             entries, target_chunk, chunk_samples;
+@@ -3155,12 +3156,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
+ 
+         next_chunk = ngx_mp4_get_32value(entry->chunk);
+ 
++        if (next_chunk < chunk) {
++            ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++                          "unordered mp4 stsc chunks in \"%s\"",
++                          mp4->file.name.data);
++            return NGX_ERROR;
++        }
++
+         ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
+                        "sample:%uD, chunk:%uD, chunks:%uD, "
+                        "samples:%uD, id:%uD",
+                        start_sample, chunk, next_chunk - chunk, samples, id);
+ 
+-        n = (next_chunk - chunk) * samples;
++        n = (uint64_t) (next_chunk - chunk) * samples;
+ 
+         if (start_sample < n) {
+             goto found;
+@@ -3182,7 +3190,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
+                    "sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
+                    start_sample, chunk, next_chunk - chunk, samples);
+ 
+-    n = (next_chunk - chunk) * samples;
++    n = (uint64_t) (next_chunk - chunk) * samples;
+ 
+     if (start_sample > n) {
+         ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
author	CoprDistGit <infra@openeuler.org>	2024-10-31 07:11:45 +0000
committer	CoprDistGit <infra@openeuler.org>	2024-10-31 07:11:45 +0000
commit	6c94cd3bcc5f9cae45fa80e3048d7cb395f05796 (patch)
tree	d912ce6e29bf07d987257bba72caf31c5473c4b6 /backport-CVE-2024-7347.patch
parent	85df9bedbac03a69d4687d8a3d75fe5e6ba2dce7 (diff)