48 lines
2.0 KiB
Diff
48 lines
2.0 KiB
Diff
From: Markus Koschany <apo@debian.org>
|
|
Date: Wed, 17 Aug 2022 12:59:00 +0200
|
|
Subject: CVE-2022-2048
|
|
|
|
Origin: https://github.com/eclipse/jetty.project/issues/7935
|
|
---
|
|
.../jetty/http2/server/HttpChannelOverHTTP2.java | 12 +-
|
|
.../org/eclipse/jetty/http2/server/BadURITest.java | 153 +++++++++++++++++++++
|
|
2 files changed, 157 insertions(+), 8 deletions(-)
|
|
create mode 100644 jetty-http2/http2-server/src/test/java/org/eclipse/jetty/http2/server/BadURITest.java
|
|
|
|
diff --git a/jetty-http2/http2-server/src/main/java/org/eclipse/jetty/http2/server/HttpChannelOverHTTP2.java b/jetty-http2/http2-server/src/main/java/org/eclipse/jetty/http2/server/HttpChannelOverHTTP2.java
|
|
index 03b082e..3548497 100644
|
|
--- a/jetty-http2/http2-server/src/main/java/org/eclipse/jetty/http2/server/HttpChannelOverHTTP2.java
|
|
+++ b/jetty-http2/http2-server/src/main/java/org/eclipse/jetty/http2/server/HttpChannelOverHTTP2.java
|
|
@@ -143,13 +143,11 @@ public class HttpChannelOverHTTP2 extends HttpChannel implements Closeable, Writ
|
|
}
|
|
catch (BadMessageException x)
|
|
{
|
|
- onBadMessage(x);
|
|
- return null;
|
|
+ return () -> onBadMessage(x);
|
|
}
|
|
catch (Throwable x)
|
|
{
|
|
- onBadMessage(new BadMessageException(HttpStatus.INTERNAL_SERVER_ERROR_500, null, x));
|
|
- return null;
|
|
+ return () -> onBadMessage(new BadMessageException(HttpStatus.INTERNAL_SERVER_ERROR_500, null, x));
|
|
}
|
|
}
|
|
|
|
@@ -175,13 +173,11 @@ public class HttpChannelOverHTTP2 extends HttpChannel implements Closeable, Writ
|
|
}
|
|
catch (BadMessageException x)
|
|
{
|
|
- onBadMessage(x);
|
|
- return null;
|
|
+ return () -> onBadMessage(x);
|
|
}
|
|
catch (Throwable x)
|
|
{
|
|
- onBadMessage(new BadMessageException(HttpStatus.INTERNAL_SERVER_ERROR_500, null, x));
|
|
- return null;
|
|
+ return () -> onBadMessage(new BadMessageException(HttpStatus.INTERNAL_SERVER_ERROR_500, null, x));
|
|
}
|
|
}
|
|
|