!324 url: allow DoH transfers to override max connection limit

From: @sherlock2010 Reviewed-by: @jiangheng12 Signed-off-by: @jiangheng12
2024-09-23 02:49:03 +00:00 · 2024-09-23 02:49:03 +00:00 · 9f334f5233
commit 9f334f5233
parent 6ca5b9d6ac b4efa74dd0
2 changed files with 57 additions and 1 deletions
--- a/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
+++ b/backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch
@ -0,0 +1,49 @@
+From b049388d473a9a0189f3180e57e04a39a3793382 Mon Sep 17 00:00:00 2001
+From: Daniel Stenberg <daniel@haxx.se>
+Date: Tue, 4 Jun 2024 17:00:05 +0200
+Subject: [PATCH] url: allow DoH transfers to override max connection limit
+
+When reaching the set maximum limit of allowed connections, allow a new
+connection anyway if the transfer is created for the (internal) purpose
+of doing a DoH name resolve. Otherwise, unrelated "normal" transfers can
+starve out new DoH requests making it impossible to name resolve for new
+transfers.
+
+Bug: https://curl.se/mail/lib-2024-06/0001.html
+Reported-by: kartatz
+Closes #13880
+
+Conflict:NA
+Reference:https://github.com/curl/curl/commit/b049388d473a9a0189f3180e57e04a39a3793382
+---
+ lib/url.c | 14 ++++++++++----
+ 1 file changed, 10 insertions(+), 4 deletions(-)
+
+diff --git a/lib/url.c b/lib/url.c
+index 41e35e153..4eabf0c87 100644
+--- a/lib/url.c
+++ b/lib/url.c
+@@ -3662,10 +3662,16 @@ static CURLcode create_conn(struct Curl_easy *data,
+       conn_candidate = Curl_conncache_extract_oldest(data);
+       if(conn_candidate)
+         Curl_disconnect(data, conn_candidate, FALSE);
+-      else {
+-        infof(data, "No connections available in cache");
+-        connections_available = FALSE;
+-      }
+      else
+#ifndef CURL_DISABLE_DOH
+        if(data->set.dohfor)
+          infof(data, "Allowing DoH to override max connection limit");
+        else
+#endif
+        {
+          infof(data, "No connections available in cache");
+          connections_available = FALSE;
+        }
+     }
+ 
+     if(!connections_available) {
+-- 
+2.33.0
+
--- a/curl.spec
+++ b/curl.spec
@ -7,7 +7,7 @@

 Name:           curl
 Version:        8.4.0
-Release:        9
+Release:        10
 Summary:        Curl is used in command lines or scripts to transfer data
 License:        curl
 URL:            https://curl.se/
@ -33,6 +33,7 @@ Patch24:        backport-tool_cfgable-free-proxy_-cipher13_list-on-exit.patch
 Patch25:        backport-CVE-2024-7264-x509asn1-clean-up-GTime2str.patch
 Patch26:        backport-CVE-2024-7264-x509asn1-unittests-and-fixes-fo.patch
 Patch27:        backport-CVE-2024-8096-gtls-fix-OCSP-stapling-management.patch
+Patch28:        backport-url-allow-DoH-transfers-to-override-max-connection-limit.patch

 BuildRequires:  automake brotli-devel coreutils gcc groff krb5-devel
 BuildRequires:  libidn2-devel libnghttp2-devel libpsl-devel
@ -218,6 +219,12 @@ rm -rf ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
 %{_mandir}/man3/*

 %changelog
+* Fri Sep 20 2024 zhouyihang <zhouyihang3@h-partners.com> - 8.4.0-10
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:url: allow DoH transfers to override max connection limit
+
 * Thu Sep 12 2024 zhouyihang <zhouyihang3@h-partners.com> - 8.4.0-9
 - Type:CVE
 - CVE:CVE-2024-8096