packages/nginx
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!91 [sync] PR-88: fix CVE-2024-7347

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @overweight 
Signed-off-by: @overweight
This commit is contained in:
openeuler-ci-bot 2024-08-29 01:08:29 +00:00 committed by Gitee
commit be9a3604a9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 49 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
backport-CVE-2024-7347.patch Normal file
View File

@ -0,0 +1,43 @@
diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
--- a/src/http/modules/ngx_http_mp4_module.c
+++ b/src/http/modules/ngx_http_mp4_module.c
@@ -3099,7 +3099,8 @@ static ngx_int_t
ngx_http_mp4_crop_stsc_data(ngx_http_mp4_file_t *mp4,
ngx_http_mp4_trak_t *trak, ngx_uint_t start)
{
- uint32_t start_sample, chunk, samples, id, next_chunk, n,
+ uint64_t n;
+ uint32_t start_sample, chunk, samples, id, next_chunk,
prev_samples;
ngx_buf_t *data, *buf;
ngx_uint_t entries, target_chunk, chunk_samples;
@@ -3155,12 +3156,19 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
next_chunk = ngx_mp4_get_32value(entry->chunk);
+ if (next_chunk < chunk) {
+ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
+ "unordered mp4 stsc chunks in \"%s\"",
+ mp4->file.name.data);
+ return NGX_ERROR;
+ }
+
ngx_log_debug5(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0,
"sample:%uD, chunk:%uD, chunks:%uD, "
"samples:%uD, id:%uD",
start_sample, chunk, next_chunk - chunk, samples, id);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample < n) {
goto found;
@@ -3182,7 +3190,7 @@ ngx_http_mp4_crop_stsc_data(ngx_http_mp4
"sample:%uD, chunk:%uD, chunks:%uD, samples:%uD",
start_sample, chunk, next_chunk - chunk, samples);
- n = (next_chunk - chunk) * samples;
+ n = (uint64_t) (next_chunk - chunk) * samples;
if (start_sample > n) {
ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,

7
nginx.spec
View File

@ -17,7 +17,7 @@
Name: nginx Name: nginx
Epoch: 1 Epoch: 1
Version: 1.24.0 Version: 1.24.0
Release: 1 Release: 2
Summary: A HTTP server, reverse proxy and mail proxy server Summary: A HTTP server, reverse proxy and mail proxy server
License: BSD License: BSD
URL: http://nginx.org/ URL: http://nginx.org/
@ -40,6 +40,8 @@ Patch0: nginx-auto-cc-gcc.patch
Patch1: nginx-1.12.1-logs-perm.patch Patch1: nginx-1.12.1-logs-perm.patch
Patch2: nginx-fix-pidfile.patch Patch2: nginx-fix-pidfile.patch
Patch3: backport-CVE-2023-44487.patch Patch3: backport-CVE-2023-44487.patch
# https://nginx.org/download/patch.2024.mp4.txt
Patch4: backport-CVE-2024-7347.patch
BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel BuildRequires: gcc openssl-devel pcre2-devel zlib-devel systemd gperftools-devel
Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl Requires: nginx-filesystem = %{epoch}:%{version}-%{release} openssl
@ -387,6 +389,9 @@ fi
%{_mandir}/man8/nginx.8* %{_mandir}/man8/nginx.8*
%changelog %changelog
* Thu Aug 15 2024 Funda Wang <fundawang@yeah.net> - 1:1.24.0-2
- fix CVE-2024-7347
* Tue Jan 02 2024 gaihuiying <eaglegai@163.com> - 1:1.24.0-1 * Tue Jan 02 2024 gaihuiying <eaglegai@163.com> - 1:1.24.0-1
- update nginx to 1.24.0 - update nginx to 1.24.0