Message ID | 20221123152303.244018-1-manojsingh.saun@windriver.com |
---|---|
State | New, archived |
Series | [meta-secure-core,kirkstone,1/1] Signed-off-by: Manoj Saun <manojsingh.saun@windriver.com> | expand |
This is the wrong mailing list for your patch since it is for meta-openembedded, not oe-core. You should send it to: openembedded-devel@lists.openembedded.org Steve On Wed, Nov 23, 2022 at 5:23 AM Manoj Saun <manojsingh.saun@windriver.com> wrote: > > -> nginx: fix CVE-2022-41741 > > -> nginx: disabled duplicate atoms. > > -> Reference: > -> https://nvd.nist.gov/vuln/detail/CVE-2022-41742 > > -> Upstream fixes: > -> https://github.com/nginx/nginx/commit/0d23105373e6d8a720b9826079c077b9b4be919d > > -> (LOCAL REV: NOT UPSTREAM) -- Not applicable, upstream out of maintenance > --- > .../0001-Mp4-disabled-duplicate-atoms.patch | 313 ++++++++++++++++++ > meta-webserver/recipes-httpd/nginx/nginx.inc | 1 + > 2 files changed, 314 insertions(+) > create mode 100644 meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch > > diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch > new file mode 100644 > index 000000000..0b0753c4c > --- /dev/null > +++ b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch 
> @@ -0,0 +1,313 @@ > +From 0d23105373e6d8a720b9826079c077b9b4be919d Mon Sep 17 00:00:00 2001 > +From: Roman Arutyunyan <arut@nginx.com> > +Date: Wed, 19 Oct 2022 10:53:17 +0300 > +Subject: [PATCH] Mp4: disabled duplicate atoms. > + > +Most atoms should not appear more than once in a container. Previously, > +this was not enforced by the module, which could result in worker process > +crash, memory corruption and disclosure. > +--- > + src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++ > + 1 file changed, 147 insertions(+) > + > +diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c > +index 5721efbe..75a7315f 100644 > +--- a/src/http/modules/ngx_http_mp4_module.c > ++++ b/src/http/modules/ngx_http_mp4_module.c > +@@ -1121,6 +1121,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + return NGX_ERROR; > + } > + > ++ if (mp4->ftyp_atom.buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; > + > + ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); > +@@ -1179,6 +1185,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + return NGX_DECLINED; > + } > + > ++ if (mp4->moov_atom.buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module); > + > + if (atom_data_size > mp4->buffer_size) { > +@@ -1246,6 +1258,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom"); > + > ++ if (mp4->mdat_atom.buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 mdat atom in \"%s\"", 
mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + data = &mp4->mdat_data_buf; > + data->file = &mp4->file; > + data->in_file = 1; > +@@ -1372,6 +1390,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); > + > ++ if (mp4->mvhd_atom.buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom_header = ngx_mp4_atom_header(mp4); > + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; > + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; > +@@ -1637,6 +1661,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->tkhd_size = atom_size; > + trak->movie_duration = duration; > + > +@@ -1676,6 +1707,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->mdia_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -1799,6 +1836,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data); > ++ return 
NGX_ERROR; > ++ } > ++ > + trak->mdhd_size = atom_size; > + trak->timescale = timescale; > + trak->duration = duration; > +@@ -1862,6 +1906,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->hdlr_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -1890,6 +1940,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->minf_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -1933,6 +1989,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf > ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) > ++ { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", > ++ mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->vmhd_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -1964,6 +2029,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf > ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) > ++ { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", > ++ mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->smhd_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -1995,6 
+2069,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->dinf_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -2023,6 +2103,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->stbl_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -2144,6 +2230,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + > + trak = ngx_mp4_last_trak(mp4); > + > ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + atom = &trak->stsd_atom_buf; > + atom->temporary = 1; > + atom->pos = atom_header; > +@@ -2212,6 +2304,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->time_to_sample_entries = entries; > + > + atom = &trak->stts_atom_buf; > +@@ -2480,6 +2579,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + "sync sample entries:%uD", entries); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if 
(trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->sync_samples_entries = entries; > + > + atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); > +@@ -2678,6 +2784,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + "composition offset entries:%uD", entries); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->composition_offset_entries = entries; > + > + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); > +@@ -2881,6 +2994,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->sample_to_chunk_entries = entries; > + > + atom = &trak->stsc_atom_buf; > +@@ -3213,6 +3333,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + "sample uniform size:%uD, entries:%uD", size, entries); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->sample_sizes_entries = entries; > + > + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); > +@@ -3396,6 +3523,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_end = atom_table + entries * sizeof(uint32_t); > + > + trak = 
ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf > ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) > ++ { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stco/co64 atom in \"%s\"", > ++ mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->chunks = entries; > + > + atom = &trak->stco_atom_buf; > +@@ -3602,6 +3739,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) > + atom_end = atom_table + entries * sizeof(uint64_t); > + > + trak = ngx_mp4_last_trak(mp4); > ++ > ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf > ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) > ++ { > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > ++ "duplicate mp4 stco/co64 atom in \"%s\"", > ++ mp4->file.name.data); > ++ return NGX_ERROR; > ++ } > ++ > + trak->chunks = entries; > + > + atom = &trak->co64_atom_buf; > +-- > +2.34.1 > + > diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc > index dfced3330..754290d3a 100644 > --- a/meta-webserver/recipes-httpd/nginx/nginx.inc > +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc > @@ -22,6 +22,7 @@ SRC_URI = " \ > file://nginx-volatile.conf \ > file://nginx.service \ > file://nginx-fix-pidfile.patch \ > + file://0001-Mp4-disabled-duplicate-atoms.patch \ > " > > inherit siteinfo update-rc.d useradd systemd > -- > 2.34.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#173720): https://lists.openembedded.org/g/openembedded-core/message/173720 > Mute This Topic: https://lists.openembedded.org/mt/95219628/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
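Review bot: The patch that the `nginx.inc` hunk adds to `SRC_URI` has no `CVE:` or `Upstream-Status:` line: the header of the added `0001-Mp4-disabled-duplicate-atoms.patch` goes from the upstream description straight to `---`. cve-check then has no CVE id to match in either the file name or the header, so the recipe would likely still be reported as vulnerable after the fix is applied. I would add `CVE: CVE-2022-41741`, `Upstream-Status: Backport [https://github.com/nginx/nginx/commit/0d23105373e6d8a720b9826079c077b9b4be919d]` and a `Signed-off-by:` line above the `---`. The subject names CVE-2022-41741 while the reference link points at CVE-2022-41742; if the backport is meant to cover both, both ids belong on the `CVE:` line.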
The commit message also needs to be rewritten to follow the common praxis for the repositories. //Peter > -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Steve Sakoman > Sent: den 23 november 2022 16:44 > To: Manoj Saun <manojsingh.saun@windriver.com> > Cc: openembedded-core@lists.openembedded.org; narpat.mali@windriver.com > Subject: Re: [OE-core] [meta-secure-core][kirkstone][PATCH 1/1] Signed- > off-by: Manoj Saun <manojsingh.saun@windriver.com> > > This is the wrong mailing list for your patch since it is for > meta-openembedded, not oe-core. You should send it to: > openembedded-devel@lists.openembedded.org > > Steve > > On Wed, Nov 23, 2022 at 5:23 AM Manoj Saun > <manojsingh.saun@windriver.com> wrote: > > > > -> nginx: fix CVE-2022-41741 > > > > -> nginx: disabled duplicate atoms. > > > > -> Reference: > > -> https://nvd.nist.gov/vuln/detail/CVE-2022-41742 > > > > -> Upstream fixes: > > -> > https://github.com/nginx/nginx/commit/0d23105373e6d8a720b9826079c077b9b4be > 919d > > > > -> (LOCAL REV: NOT UPSTREAM) -- Not applicable, upstream out of > maintenance > > --- > > .../0001-Mp4-disabled-duplicate-atoms.patch | 313 ++++++++++++++++++ > > meta-webserver/recipes-httpd/nginx/nginx.inc | 1 + > > 2 files changed, 314 insertions(+) > > create mode 100644 meta-webserver/recipes-httpd/nginx/files/0001-Mp4- > disabled-duplicate-atoms.patch > > > > diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled- > duplicate-atoms.patch b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4- > disabled-duplicate-atoms.patch > > new file mode 100644 > > index 000000000..0b0753c4c > > --- /dev/null > > +++ b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled- > duplicate-atoms.patch 
> > @@ -0,0 +1,313 @@ > > +From 0d23105373e6d8a720b9826079c077b9b4be919d Mon Sep 17 00:00:00 2001 > > +From: Roman Arutyunyan <arut@nginx.com> > > +Date: Wed, 19 Oct 2022 10:53:17 +0300 > > +Subject: [PATCH] Mp4: disabled duplicate atoms. > > + > > +Most atoms should not appear more than once in a container. > Previously, > > +this was not enforced by the module, which could result in worker > process > > +crash, memory corruption and disclosure. > > +--- > > + src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++ > > + 1 file changed, 147 insertions(+) > > + > > +diff --git a/src/http/modules/ngx_http_mp4_module.c > b/src/http/modules/ngx_http_mp4_module.c > > +index 5721efbe..75a7315f 100644 > > +--- a/src/http/modules/ngx_http_mp4_module.c > > ++++ b/src/http/modules/ngx_http_mp4_module.c > > +@@ -1121,6 +1121,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + return NGX_ERROR; > > + } > > + > > ++ if (mp4->ftyp_atom.buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 ftyp atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) > atom_data_size; > > + > > + ftyp_atom = ngx_palloc(mp4->request->pool, atom_size); > > +@@ -1179,6 +1185,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + return NGX_DECLINED; > > + } > > + > > ++ if (mp4->moov_atom.buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 moov atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + conf = ngx_http_get_module_loc_conf(mp4->request, > ngx_http_mp4_module); > > + > > + if (atom_data_size > mp4->buffer_size) { > > +@@ -1246,6 +1258,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat > atom"); > > + > > ++ if 
(mp4->mdat_atom.buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 mdat atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + data = &mp4->mdat_data_buf; > > + data->file = &mp4->file; > > + data->in_file = 1; > > +@@ -1372,6 +1390,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd > atom"); > > + > > ++ if (mp4->mvhd_atom.buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 mvhd atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom_header = ngx_mp4_atom_header(mp4); > > + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; > > + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; > > +@@ -1637,6 +1661,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) > atom_data_size; > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 tkhd atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->tkhd_size = atom_size; > > + trak->movie_duration = duration; > > + > > +@@ -1676,6 +1707,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 mdia atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->mdia_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -1799,6 +1836,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) > 
atom_data_size; > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 mdhd atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->mdhd_size = atom_size; > > + trak->timescale = timescale; > > + trak->duration = duration; > > +@@ -1862,6 +1906,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 hdlr atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->hdlr_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -1890,6 +1940,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 minf atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->minf_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -1933,6 +1989,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf > > ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) > > ++ { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", > > ++ mp4->file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->vmhd_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -1964,6 +2029,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + 
> > ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf > > ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) > > ++ { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", > > ++ mp4->file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->smhd_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -1995,6 +2069,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 dinf atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->dinf_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -2023,6 +2103,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stbl atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->stbl_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -2144,6 +2230,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + > > + trak = ngx_mp4_last_trak(mp4); > > + > > ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stsd atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + atom = &trak->stsd_atom_buf; > > + atom->temporary = 1; > > + atom->pos = atom_header; > > +@@ -2212,6 +2304,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > 
++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stts atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->time_to_sample_entries = entries; > > + > > + atom = &trak->stts_atom_buf; > > +@@ -2480,6 +2579,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + "sync sample entries:%uD", entries); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stss atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->sync_samples_entries = entries; > > + > > + atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); > > +@@ -2678,6 +2784,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + "composition offset entries:%uD", entries); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 ctts atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->composition_offset_entries = entries; > > + > > + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); > > +@@ -2881,6 +2994,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stsc atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->sample_to_chunk_entries = entries; > > + > > + atom = &trak->stsc_atom_buf; > > +@@ -3213,6 +3333,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t > *mp4, uint64_t 
atom_data_size) > > + "sample uniform size:%uD, entries:%uD", size, > entries); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stsz atom in \"%s\"", mp4- > >file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->sample_sizes_entries = entries; > > + > > + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); > > +@@ -3396,6 +3523,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_end = atom_table + entries * sizeof(uint32_t); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf > > ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) > > ++ { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stco/co64 atom in \"%s\"", > > ++ mp4->file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->chunks = entries; > > + > > + atom = &trak->stco_atom_buf; > > +@@ -3602,6 +3739,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t > *mp4, uint64_t atom_data_size) > > + atom_end = atom_table + entries * sizeof(uint64_t); > > + > > + trak = ngx_mp4_last_trak(mp4); > > ++ > > ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf > > ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) > > ++ { > > ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, > > ++ "duplicate mp4 stco/co64 atom in \"%s\"", > > ++ mp4->file.name.data); > > ++ return NGX_ERROR; > > ++ } > > ++ > > + trak->chunks = entries; > > + > > + atom = &trak->co64_atom_buf; > > +-- > > +2.34.1 > > + > > diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta- > webserver/recipes-httpd/nginx/nginx.inc > > index dfced3330..754290d3a 100644 > > --- a/meta-webserver/recipes-httpd/nginx/nginx.inc > > +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc 
> > @@ -22,6 +22,7 @@ SRC_URI = " \ > > file://nginx-volatile.conf \ > > file://nginx.service \ > > file://nginx-fix-pidfile.patch \ > > + file://0001-Mp4-disabled-duplicate-atoms.patch \ > > " > > > > inherit siteinfo update-rc.d useradd systemd > > -- > > 2.34.1 > > > > > > > >
diff --git a/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch
new file mode 100644
index 000000000..0b0753c4c
--- /dev/null
+++ b/meta-webserver/recipes-httpd/nginx/files/0001-Mp4-disabled-duplicate-atoms.patch
@@ -0,0 +1,313 @@
+From 0d23105373e6d8a720b9826079c077b9b4be919d Mon Sep 17 00:00:00 2001
+From: Roman Arutyunyan <arut@nginx.com>
+Date: Wed, 19 Oct 2022 10:53:17 +0300
+Subject: [PATCH] Mp4: disabled duplicate atoms.
+
+Most atoms should not appear more than once in a container. Previously,
+this was not enforced by the module, which could result in worker process
+crash, memory corruption and disclosure.
+---
+ src/http/modules/ngx_http_mp4_module.c | 147 +++++++++++++++++++++++++
+ 1 file changed, 147 insertions(+)
+
+diff --git a/src/http/modules/ngx_http_mp4_module.c b/src/http/modules/ngx_http_mp4_module.c
+index 5721efbe..75a7315f 100644
+--- a/src/http/modules/ngx_http_mp4_module.c
++++ b/src/http/modules/ngx_http_mp4_module.c
+@@ -1121,6 +1121,12 @@ ngx_http_mp4_read_ftyp_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ return NGX_ERROR;
+ }
+
++ if (mp4->ftyp_atom.buf) {
++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++ "duplicate mp4 ftyp atom in \"%s\"", mp4->file.name.data);
++ return NGX_ERROR;
++ }
++
+ atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size;
+
+ ftyp_atom = ngx_palloc(mp4->request->pool, atom_size);
+@@ -1179,6 +1185,12 @@ ngx_http_mp4_read_moov_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+ return NGX_DECLINED;
+ }
+
++ if (mp4->moov_atom.buf) {
++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++ "duplicate mp4 moov atom in \"%s\"", mp4->file.name.data);
++ return NGX_ERROR;
++ }
++
+ conf = ngx_http_get_module_loc_conf(mp4->request, ngx_http_mp4_module);
+
+ if (atom_data_size > mp4->buffer_size) {
+@@ -1246,6 +1258,12 @@ ngx_http_mp4_read_mdat_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size)
+
+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mdat atom");
+
++ if (mp4->mdat_atom.buf) {
++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0,
++ "duplicate mp4 mdat atom in \"%s\"", mp4->file.name.data);
++ return NGX_ERROR;
++ }
++
+ data = &mp4->mdat_data_buf;
+ data->file = &mp4->file;
+ data->in_file = 1;
+
data->in_file = 1; +@@ -1372,6 +1390,12 @@ ngx_http_mp4_read_mvhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, mp4->file.log, 0, "mp4 mvhd atom"); + ++ if (mp4->mvhd_atom.buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mvhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom_header = ngx_mp4_atom_header(mp4); + mvhd_atom = (ngx_mp4_mvhd_atom_t *) atom_header; + mvhd64_atom = (ngx_mp4_mvhd64_atom_t *) atom_header; +@@ -1637,6 +1661,13 @@ ngx_http_mp4_read_tkhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_TKHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 tkhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->tkhd_size = atom_size; + trak->movie_duration = duration; + +@@ -1676,6 +1707,12 @@ ngx_http_mp4_read_mdia_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MDIA_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdia atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->mdia_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1799,6 +1836,13 @@ ngx_http_mp4_read_mdhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_size = sizeof(ngx_mp4_atom_header_t) + (size_t) atom_data_size; + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_MDHD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 mdhd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->mdhd_size = atom_size; + trak->timescale = timescale; + trak->duration = duration; +@@ -1862,6 +1906,12 @@ ngx_http_mp4_read_hdlr_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = 
ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_HDLR_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 hdlr atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->hdlr_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1890,6 +1940,12 @@ ngx_http_mp4_read_minf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_MINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 minf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->minf_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1933,6 +1989,15 @@ ngx_http_mp4_read_vmhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->vmhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1964,6 +2029,15 @@ ngx_http_mp4_read_smhd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_VMHD_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_SMHD_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 vmhd/smhd atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->smhd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -1995,6 +2069,12 @@ ngx_http_mp4_read_dinf_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_DINF_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 dinf atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->dinf_atom_buf; + 
atom->temporary = 1; + atom->pos = atom_header; +@@ -2023,6 +2103,12 @@ ngx_http_mp4_read_stbl_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STBL_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stbl atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stbl_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2144,6 +2230,12 @@ ngx_http_mp4_read_stsd_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + + trak = ngx_mp4_last_trak(mp4); + ++ if (trak->out[NGX_HTTP_MP4_STSD_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsd atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + atom = &trak->stsd_atom_buf; + atom->temporary = 1; + atom->pos = atom_header; +@@ -2212,6 +2304,13 @@ ngx_http_mp4_read_stts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stts_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->time_to_sample_entries = entries; + + atom = &trak->stts_atom_buf; +@@ -2480,6 +2579,13 @@ ngx_http_mp4_read_stss_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sync sample entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stss atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sync_samples_entries = entries; + + atom_table = atom_header + sizeof(ngx_http_mp4_stss_atom_t); +@@ -2678,6 +2784,13 @@ ngx_http_mp4_read_ctts_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "composition offset entries:%uD", entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if 
(trak->out[NGX_HTTP_MP4_CTTS_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 ctts atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->composition_offset_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_ctts_atom_t); +@@ -2881,6 +2994,13 @@ ngx_http_mp4_read_stsc_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(ngx_mp4_stsc_entry_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSC_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsc atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_to_chunk_entries = entries; + + atom = &trak->stsc_atom_buf; +@@ -3213,6 +3333,13 @@ ngx_http_mp4_read_stsz_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + "sample uniform size:%uD, entries:%uD", size, entries); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STSZ_ATOM].buf) { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stsz atom in \"%s\"", mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->sample_sizes_entries = entries; + + atom_table = atom_header + sizeof(ngx_mp4_stsz_atom_t); +@@ -3396,6 +3523,16 @@ ngx_http_mp4_read_stco_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint32_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->stco_atom_buf; +@@ -3602,6 +3739,16 @@ ngx_http_mp4_read_co64_atom(ngx_http_mp4_file_t *mp4, uint64_t atom_data_size) + atom_end = atom_table + entries * sizeof(uint64_t); + + trak = ngx_mp4_last_trak(mp4); ++ ++ if (trak->out[NGX_HTTP_MP4_STCO_ATOM].buf ++ || 
trak->out[NGX_HTTP_MP4_CO64_ATOM].buf) ++ { ++ ngx_log_error(NGX_LOG_ERR, mp4->file.log, 0, ++ "duplicate mp4 stco/co64 atom in \"%s\"", ++ mp4->file.name.data); ++ return NGX_ERROR; ++ } ++ + trak->chunks = entries; + + atom = &trak->co64_atom_buf; +-- +2.34.1 + diff --git a/meta-webserver/recipes-httpd/nginx/nginx.inc b/meta-webserver/recipes-httpd/nginx/nginx.inc index dfced3330..754290d3a 100644 --- a/meta-webserver/recipes-httpd/nginx/nginx.inc +++ b/meta-webserver/recipes-httpd/nginx/nginx.inc @@ -22,6 +22,7 @@ SRC_URI = " \ file://nginx-volatile.conf \ file://nginx.service \ file://nginx-fix-pidfile.patch \ + file://0001-Mp4-disabled-duplicate-atoms.patch \ " inherit siteinfo update-rc.d useradd systemd
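Review bot: The header of the added 0001-Mp4-disabled-duplicate-atoms.patch carries no `CVE:` tag, no `Upstream-Status:` tag and no Signed-off-by from the person doing the backport; it stops at the upstream commit message and `---`. OpenEmbedded's cve-check treats a CVE as patched when it finds a CVE id in the patch file name or a `CVE:` line inside the patch. This file has neither, so scans would presumably keep reporting the issue as unpatched after the fix is applied. I would add, above the `---` line, `CVE: <CVE id(s) this backport addresses>`, `Upstream-Status: Backport [<URL of upstream commit 0d23105373e6d8a720b9826079c077b9b4be919d>]` and a `Signed-off-by:` line.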
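Review bot: Because the new `file://0001-Mp4-disabled-duplicate-atoms.patch` entry is added to `SRC_URI` in nginx.inc, it affects every recipe that includes this file, not just one nginx version. The versioned recipes are not shown here, so this is an assumption to confirm: if more than one nginx version requires nginx.inc, the patch has to apply cleanly to each of them. The context offsets in ngx_http_mp4_module.c (hunks from line 1121 to 3739) may not match across versions. A do_patch run for each versioned recipe would confirm this. If one of them only applies with fuzz or fails, move the entry into the matching version recipe's own `SRC_URI`.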