packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix memory leak in calc_sha256_hash

Browse Source
This commit is contained in:
chengyechun 2023-08-14 15:27:40 +08:00
parent 6f7800bd70
commit d0c5a4dddf
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
backport-fix-memory-leak-in-calc_sha256_hash.patch Normal file
View File

@ -0,0 +1,27 @@
From ff558f52f528dd21eb0a77de74d828e1459cdd62 Mon Sep 17 00:00:00 2001
From: Joe Orton <notroj@redhat.com>
Date: Fri, 7 Jul 2023 08:04:38 PM GMT+0800
Subject: [PATCH] fix memory leak in calc_sha256_hash
Conflict:NA
Reference:https://github.com/apache/httpd/commmit/ff558f52f528dd21eb0a77de74d828e1459cdd62
---
modules/http2/h2_push.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/modules/http2/h2_push.c b/modules/http2/h2_push.c
index 462c470..dd0928b 100644
--- a/modules/http2/h2_push.c
+++ b/modules/http2/h2_push.c
@@ -502,6 +502,7 @@ static void calc_sha256_hash(h2_push_diary *diary, apr_uint64_t *phash, h2_push
sha256_update(md, push->req->authority);
sha256_update(md, push->req->path);
EVP_DigestFinal(md, hash, &len);
+ EVP_MD_CTX_destroy(md);
val = 0;
for (i = 0; i != len; ++i)
--
2.23.0

9
httpd.spec
View File

@ -8,7 +8,7 @@
Name: httpd Name: httpd
Summary: Apache HTTP Server Summary: Apache HTTP Server
Version: 2.4.55 Version: 2.4.55
Release: 3 Release: 4
License: ASL 2.0 License: ASL 2.0
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://archive.apache.org/dist/httpd/httpd-%{version}.tar.bz2
@ -71,6 +71,7 @@ Patch17: backport-httpd-2.4.48-r1828172+.patch
Patch18: backport-httpd-2.4.46-htcacheclean-dont-break.patch Patch18: backport-httpd-2.4.46-htcacheclean-dont-break.patch
Patch19: backport-CVE-2023-27522.patch Patch19: backport-CVE-2023-27522.patch
Patch20: backport-CVE-2023-25690.patch Patch20: backport-CVE-2023-25690.patch
Patch21: backport-fix-memory-leak-in-calc_sha256_hash.patch
BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel BuildRequires: gcc autoconf pkgconfig findutils xmlto perl-interpreter perl-generators systemd-devel
BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel BuildRequires: zlib-devel libselinux-devel lua-devel brotli-devel
@ -507,6 +508,12 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Mon Aug 14 2023 chengyechun <chengyechun1@huawei.com> - 2.4.55-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix memory leak in calc_sha256_hash
* Thu Mar 9 2023 chengyechun <chengyechun1@huawei.com> - 2.4.55-3 * Thu Mar 9 2023 chengyechun <chengyechun1@huawei.com> - 2.4.55-3
- Type:CVE - Type:CVE
- ID:CVE-2023-27522, CVE-2023-25690 - ID:CVE-2023-27522, CVE-2023-25690