fix CVE-2021-28165

wangxiao65 2021-04-21 14:24:53 +08:00
parent ca866b6cd7
commit 01f377e938
3 changed files with 81 additions and 1 deletions

36
CVE-2021-28165-1.patch Normal file

@ -0,0 +1,36 @@
From 00d379c94ba865dced2025c2d1bc3e2e0e41e880 Mon Sep 17 00:00:00 2001
From: Joakim Erdfelt <joakim.erdfelt@gmail.com>
Date: Thu, 18 Mar 2021 08:08:55 -0500
Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
length > 17408.
Avoid spinning if the input buffer is full.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
Co-authored-by: Joakim Erdfelt <joakim.erdfelt@gmail.com>
---
.../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index bc2431d..b2482e7 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -603,7 +603,13 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
case BUFFER_UNDERFLOW:
if (net_filled > 0)
- continue; // try filling some more
+ {
+ if (BufferUtil.space(_encryptedInput) > 0)
+ continue; // try filling some more
+ BufferUtil.clear(_encryptedInput);
+ throw new SSLHandshakeException("Encrypted buffer max length exceeded");
+ }
+
_underflown = true;
if (net_filled < 0 && _sslEngine.getUseClientMode())
{
--
2.23.0
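Review bot: The added `throw new SSLHandshakeException("Encrypted buffer max length exceeded")` branch has no comment saying why a full `_encryptedInput` during `BUFFER_UNDERFLOW` is fatal, and the reason cannot be read off the lines themselves. A one-line comment above the `BufferUtil.space(_encryptedInput)` check would cover it, for example `// buffer is full yet the engine still reports underflow: the record cannot fit, so fail instead of filling again`. At this revision the check sits inside `if (net_filled > 0)`, so it only runs when the current pass read bytes. The second patch file in this commit restructures that, which means the two patches are only meaningful when applied together. The enclosing switch and method start and end outside the hunk.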

39
CVE-2021-28165-2.patch Normal file

@ -0,0 +1,39 @@
From 294b2ba02b667548617a94cd99592110ac230add Mon Sep 17 00:00:00 2001
From: Simone Bordet <simone.bordet@gmail.com>
Date: Mon, 22 Mar 2021 10:39:36 +0100
Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
length > 17408.
Updates after review.
Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
---
.../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
index b2482e7..44c7f10 100644
--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
@@ -602,14 +602,15 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
return filled = -1;
case BUFFER_UNDERFLOW:
- if (net_filled > 0)
+ if (BufferUtil.space(_encryptedInput) == 0)
{
- if (BufferUtil.space(_encryptedInput) > 0)
- continue; // try filling some more
BufferUtil.clear(_encryptedInput);
throw new SSLHandshakeException("Encrypted buffer max length exceeded");
}
+ if (net_filled > 0)
+ continue; // try filling some more
+
_underflown = true;
if (net_filled < 0 && _sslEngine.getUseClientMode())
{
--
2.23.0
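Review bot: Nothing in either patch shows what happens to the connection after the new `throw` in the `BUFFER_UNDERFLOW` case, and neither hunk adds an import for `SSLHandshakeException`. The upstream fix is dated March 2021 while the package builds 9.4.15, so the hunk was presumably adapted to an older tree. It is worth confirming in the 9.4.15 `SslConnection.java` that the class is already imported and that the exception reaches a handler that closes the endpoint rather than retrying the fill. The diffstat lists only `SslConnection.java`, so no regression test ships with the backport; a test asserting that the connection fails once the encrypted buffer is full would guard the fix. The surrounding method lies outside the hunk, so the handling path cannot be checked from here.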


@ -12,7 +12,7 @@
%bcond_with jp_minimal
Name: jetty
Version: 9.4.15
Release: 6
Release: 7
Summary: Java Webserver and Servlet Container
License: ASL 2.0 or EPL-1.0 or EPL-2.0
URL: http://www.eclipse.org/jetty/
@ -27,6 +27,8 @@ Patch2: CVE-2020-27223-pre-2.patch
Patch3: CVE-2020-27223-pre-3.patch
Patch4: CVE-2020-27223-pre-4.patch
Patch5: CVE-2020-27223.patch
Patch6: CVE-2021-28165-1.patch
Patch7: CVE-2021-28165-2.patch
BuildRequires: maven-local mvn(javax.servlet:javax.servlet-api)
BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
BuildRequires: mvn(org.apache.maven.plugins:maven-shade-plugin)
@ -785,6 +787,9 @@ exit 0
%license LICENSE NOTICE.txt LICENSE-MIT
%changelog
* Wed Apr 21 2021 wangxiao <wangxiao65@huawei.com> - 9.4.15-7
- Fix CVE-2021-28165
* Wed Mar 17 2021 zhanghua <zhanghua40@huawei.com> - 9.4.15-6
- fix CVE-2020-27223