!71 fix CVE-2021-44716 instead of CVE-2024-4437

From: @northgarden Reviewed-by: @jxy_git Signed-off-by: @jxy_git
2024-05-07 03:08:20 +00:00 · 2024-05-07 03:08:20 +00:00 · 56ee2e82ad
commit 56ee2e82ad
parent 1b37f4ad84 a979cfded0
2 changed files with 66 additions and 1 deletions
--- a/0010-fix-CVE-2021-44716.patch
+++ b/0010-fix-CVE-2021-44716.patch
@ -0,0 +1,57 @@
+From 6b06b626969f252e520b1b8f8c3cd1f515835484 Mon Sep 17 00:00:00 2001
+From: bwzhang <zhangbowei@kylinos.cn>
+Date: Tue, 7 May 2024 09:29:47 +0800
+Subject: [PATCH] fix CVE-2021-44716
+
+http2: cap the size of the server's canonical header cache
+
+The HTTP/2 server keeps a per-connection cache mapping header keys
+to their canonicalized form (e.g., foo-bar => Foo-Bar). Cap the
+maximum size of this cache to prevent a peer sending many unique
+header keys from causing unbounded memory growth.
+
+Cap chosen arbitrarily at 32 entries. Since this cache does not
+include common headers (e.g., content-type), 32 seems like more
+than enough for almost all normal uses.
+
+Fixes #50058
+Fixes CVE-2021-44716
+
+Change-Id: Ia83696dc23253c12af8f26d502557c2cc9841105
+Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/1290827
+Reviewed-by: Roland Shoemaker <bracewell@google.com>
+Reviewed-on: https://go-review.googlesource.com/c/net/+/369794
+Trust: Filippo Valsorda <filippo@golang.org>
+Run-TryBot: Filippo Valsorda <filippo@golang.org>
+Trust: Damien Neil <dneil@google.com>
+Reviewed-by: Russ Cox <rsc@golang.org>
+Reviewed-by: Filippo Valsorda <filippo@golang.org>
+TryBot-Result: Gopher Robot <gobot@golang.org>
+---
+ vendor/golang.org/x/net/http2/server.go | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
+index 5e01ce9..5253650 100644
+--- a/vendor/golang.org/x/net/http2/server.go
+++ b/vendor/golang.org/x/net/http2/server.go
+@@ -723,7 +723,15 @@ func (sc *serverConn) canonicalHeader(v string) string {
+ 		sc.canonHeader = make(map[string]string)
+ 	}
+ 	cv = http.CanonicalHeaderKey(v)
+-	sc.canonHeader[v] = cv
+	// maxCachedCanonicalHeaders is an arbitrarily-chosen limit on the number of
+	// entries in the canonHeader cache. This should be larger than the number
+	// of unique, uncommon header keys likely to be sent by the peer, while not
+	// so high as to permit unreaasonable memory usage if the peer sends an unbounded
+	// number of unique header keys.
+	const maxCachedCanonicalHeaders = 32
+	if len(sc.canonHeader) < maxCachedCanonicalHeaders {
+		sc.canonHeader[v] = cv
+	}
+ 	return cv
+ }
+ 
+-- 
+2.20.1
+
--- a/etcd.spec
+++ b/etcd.spec
@ -31,7 +31,7 @@ system.}
 %global gosupfiles      integration/fixtures/* etcdserver/api/v2http/testdata/*

 Name:           etcd
-Release:        12
+Release:        13
 Summary:        Distributed reliable key-value store for the most critical data of a distributed system

 # Upstream license specification: Apache-2.0
@ -53,6 +53,7 @@ Patch6:         0006-fix-CVE-2023-39325.patch
 Patch7:         0007-fix-CVE-2022-34038.patch
 Patch8:         0008-fix-CVE-2023-32082.patch
 Patch9:         0009-fix-CVE-2021-28235.patch
+Patch10:        0010-fix-CVE-2021-44716.patch

 BuildRequires:  golang
 BuildRequires:  python3-devel
@ -76,6 +77,7 @@ Requires(pre):  shadow-utils
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1
 %ifarch sw_64
 %patch3 -p1
 %endif
@ -164,6 +166,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/
 %endif

 %changelog
+* Tue May 07 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-13
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC: fix CVE-2021-44716
+
 * Wed Apr 24 2024 zhangbowei <zhangbowei@kylinos.cn> - 3.4.14-12
 - Type:bugfix
 - CVE:NA