packages/httpd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
httpd/CVE-2019-9517_CVE-2019-10081_CVE-2019-10082-1.patch

86 lines
3.3 KiB
Diff
Raw Blame History

From 2040a6943df462ef3fafd220043204ecd08f29dc Mon Sep 17 00:00:00 2001
From: Jim Jagielski <jim@apache.org>
Date: Thu, 13 Jun 2019 11:08:29 +0000
Subject: [PATCH 1/5] Merge r1860260 from trunk:
* modules/http2: more copying of data to disentangle worker processing from main connection
Submitted by: icing
Reviewed by: icing, covener, jim
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1861247 13f79535-47bb-0310-9956-ffa450edef68
---
modules/http2/h2_headers.c | 11 +++++++++--
modules/http2/h2_headers.h | 8 +++++++-
modules/http2/h2_session.c | 1 +
3 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/modules/http2/h2_headers.c b/modules/http2/h2_headers.c
index f01ab88..2be9545 100644
--- a/modules/http2/h2_headers.c
+++ b/modules/http2/h2_headers.c
@@ -101,8 +101,9 @@ apr_bucket *h2_bucket_headers_beam(struct h2_bucket_beam *beam,
const apr_bucket *src)
{
if (H2_BUCKET_IS_HEADERS(src)) {
- h2_headers *r = ((h2_bucket_headers *)src->data)->headers;
- apr_bucket *b = h2_bucket_headers_create(dest->bucket_alloc, r);
+ h2_headers *src_headers = ((h2_bucket_headers *)src->data)->headers;
+ apr_bucket *b = h2_bucket_headers_create(dest->bucket_alloc,
+ h2_headers_clone(dest->p, src_headers));
APR_BRIGADE_INSERT_TAIL(dest, b);
return b;
}
@@ -153,6 +154,12 @@ h2_headers *h2_headers_copy(apr_pool_t *pool, h2_headers *h)
apr_table_copy(pool, h->notes), h->raw_bytes, pool);
}
+h2_headers *h2_headers_clone(apr_pool_t *pool, h2_headers *h)
+{
+ return h2_headers_create(h->status, apr_table_clone(pool, h->headers),
+ apr_table_clone(pool, h->notes), h->raw_bytes, pool);
+}
+
h2_headers *h2_headers_die(apr_status_t type,
const h2_request *req, apr_pool_t *pool)
{
diff --git a/modules/http2/h2_headers.h b/modules/http2/h2_headers.h
index 840e8c4..b7d95a1 100644
--- a/modules/http2/h2_headers.h
+++ b/modules/http2/h2_headers.h
@@ -59,12 +59,18 @@ h2_headers *h2_headers_rcreate(request_rec *r, int status,
apr_table_t *header, apr_pool_t *pool);
/**
- * Clone the headers into another pool. This will not copy any
+ * Copy the headers into another pool. This will not copy any
* header strings.
*/
h2_headers *h2_headers_copy(apr_pool_t *pool, h2_headers *h);
/**
+ * Clone the headers into another pool. This will also clone any
+ * header strings.
+ */
+h2_headers *h2_headers_clone(apr_pool_t *pool, h2_headers *h);
+
+/**
* Create the headers for the given error.
* @param stream_id id of the stream to create the headers for
* @param type the error code
diff --git a/modules/http2/h2_session.c b/modules/http2/h2_session.c
index a1b31d2..3f0e9c9 100644
--- a/modules/http2/h2_session.c
+++ b/modules/http2/h2_session.c
@@ -1950,6 +1950,7 @@ static void on_stream_state_enter(void *ctx, h2_stream *stream)
ev_stream_closed(session, stream);
break;
case H2_SS_CLEANUP:
+ nghttp2_session_set_stream_user_data(session->ngh2, stream->id, NULL);
h2_mplx_stream_cleanup(session->mplx, stream);
break;
default:
--
1.8.3.1
Reference in New Issue View Git Blame Copy Permalink