Mp4: fixed reading 64-bit atoms.

Previously there was no validation for the size of a 64-bit atom in an mp4 file. This could lead to a CPU hog when the size is 0, or various other problems due to integer underflow when calculating atom data size, including segmentation fault or worker process memory disclosure.
2018-11-06 16:29:18 +03:00 · 2018-11-06 16:29:18 +03:00 · 07b5f8e603
parent b4b96440a6
commit 07b5f8e603
1 changed files with 7 additions and 0 deletions
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@ -942,6 +942,13 @@ ngx_http_mp4_read_atom(ngx_http_mp4_file_t *mp4,
                atom_size = ngx_mp4_get_64value(atom_header + 8);
                atom_header_size = sizeof(ngx_mp4_atom_header64_t);

+                if (atom_size < sizeof(ngx_mp4_atom_header64_t)) {
+                    ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+                                  "\"%s\" mp4 atom is too small:%uL",
+                                  mp4->file.name.data, atom_size);
+                    return NGX_ERROR;
+                }
+
            } else {
                ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
                              "\"%s\" mp4 atom is too small:%uL",