!202 fix CVE-2024-36387

From: @addrexist Reviewed-by: @jiangheng12 Signed-off-by: @jiangheng12
2024-07-06 06:16:11 +00:00 · 2024-07-06 06:16:11 +00:00 · 1ba0eb8dd0
commit 1ba0eb8dd0
parent c26044593f af45416fa4
2 changed files with 47 additions and 1 deletions
--- a/backport-CVE-2024-36387-mod_http2-early-exit-if-bb-is-null.patch
+++ b/backport-CVE-2024-36387-mod_http2-early-exit-if-bb-is-null.patch
@ -0,0 +1,39 @@
+From 62aa64e5aea21dd969db97aded4443c98c0735ac Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Mon, 24 Jun 2024 17:51:42 +0000
+Subject: [PATCH] Merge r1918548 from trunk:
+
+mod_http2: early exit if bb is null
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68
+
+Conflict:NA
+Reference:https://github.com/apache/httpd/commit/62aa64e5aea21dd969db97aded4443c98c0735ac
+
+---
+ modules/http2/h2_c2.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/modules/http2/h2_c2.c b/modules/http2/h2_c2.c
+index a955200944..c65a521ab8 100644
+--- a/modules/http2/h2_c2.c
+++ b/modules/http2/h2_c2.c
+@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb)
+     h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
+     apr_status_t rv;
+ 
+   if (bb == NULL) {
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
+        f->c->data_in_output_filters = 0;
+#endif
+        return APR_SUCCESS;
+    }
+
+     ap_assert(conn_ctx);
+ #if AP_HAS_RESPONSE_BUCKETS
+     if (!conn_ctx->has_final_response) {
+-- 
+2.33.0
+
--- a/httpd.spec
+++ b/httpd.spec
@ -8,7 +8,7 @@
 Name:             httpd
 Summary:          Apache HTTP Server
 Version:          2.4.58
-Release:          4
+Release:          5
 License:          ASL 2.0
 URL:              https://httpd.apache.org/
 Source0:          https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -77,6 +77,7 @@ Patch23:          backport-CVE-2023-38709-header-validation-after-content.patch
 Patch24:          backport-CVE-2024-27316-bail-after-too-many-failed-reads.patch
 Patch25:          backport-remove-dependency-on-xmlstring-header.patch
 Patch26:          backport-only-allocate-a-heap-heap-buffer.patch
+Patch27:          backport-CVE-2024-36387-mod_http2-early-exit-if-bb-is-null.patch

 BuildRequires:    gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
 BuildRequires:    zlib-devel libselinux-devel lua-devel brotli-devel
@ -514,6 +515,12 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd

 %changelog
+* Tue Jul 02 2024 wangziliang <wangziliang@kylinos.cn> - 2.4.58-5
+- Type:CVE
+- ID:CVE-2024-36387
+- SUG:NA
+- DESC:fix CVE-2024-36387
+
 * Wed Jun 08 2024 yueyuankun <yueyuankun@kylinos.cn> - 2.4.58-4
 - Type:NA
 - ID:NA