nodejs/0001-correct-some-errors-related-to-CVE-2025-23085.patch
2025-05-18 22:24:21 +00:00


From 888d300c1ae7f1ef4d0eda26df9335b02b62e7b0 Mon Sep 17 00:00:00 2001
From: hanguanqiang <hanguanqiang@kylinos.cn>
Date: Wed, 2 Apr 2025 14:42:23 +0800
Subject: [PATCH] correct some errors related to CVE-2025-23085
---
src/node_http2.cc | 2 +-
test/parallel/test-http2-premature-close.js | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/node_http2.cc b/src/node_http2.cc
index 1569149b..5a24f99e 100644
--- a/src/node_http2.cc
+++ b/src/node_http2.cc
@@ -1193,7 +1193,7 @@ int Http2Session::OnFrameNotSent(nghttp2_session* handle,
// closed but the Http2Session will still be up causing a memory leak.
// Therefore, if the GOAWAY frame couldn't be send due to
// ERR_SESSION_CLOSING we should force close from our side.
- if (frame->hd.type != 0x03) {
+ if (frame->hd.type != NGHTTP2_GOAWAY) {
return 0;
}
}
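Review bot: Replacing `0x03` with `NGHTTP2_GOAWAY` in the `frame->hd.type` check changes behaviour, not just readability. In the HTTP/2 frame-type registry 0x03 is RST_STREAM and GOAWAY is 0x07, so a different set of unsent frames now falls through past `return 0`. The new condition matches the comment above it, but the commit message does not mention the change. The enclosing `if` and the code after the closing brace are outside the hunk, so I cannot confirm from here that the force-close path is still reached for the leak this CVE fix targets. I would state the intent next to the check, e.g. `// Only an unsent GOAWAY needs the forced close; every other frame type returns early.`, and confirm the regression test fails when the constant is reverted.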
diff --git a/test/parallel/test-http2-premature-close.js b/test/parallel/test-http2-premature-close.js
index a9b08f55..df30c429 100644
--- a/test/parallel/test-http2-premature-close.js
+++ b/test/parallel/test-http2-premature-close.js
@@ -29,9 +29,9 @@ async function requestAndClose(server) {
// Send a valid HEADERS frame
const headersFrame = Buffer.concat([
Buffer.from([
- 0x00, 0x00, 0x0c, // Length: 12 bytes
+ 0x00, 0x00, 0x0e, // Length: 14 bytes
0x01, // Type: HEADERS
- 0x05, // Flags: END_HEADERS + END_STREAM
+ 0x04, // Flags: END_HEADERS
(streamId >> 24) & 0xFF, // Stream ID: high byte
(streamId >> 16) & 0xFF,
(streamId >> 8) & 0xFF,
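Review bot: The 3-byte length field is still a hand-counted literal (`0x00, 0x00, 0x0e`), which is the very value this hunk had to correct. Building the header block first and writing `(payload.length >> 16) & 0xFF, (payload.length >> 8) & 0xFF, payload.length & 0xFF` would stop the frame header and the HPACK bytes drifting apart again. The flags change from 0x05 to 0x04 means the HEADERS frame no longer ends the stream. A comment such as `// No END_STREAM: the stream should still be open when the connection is torn down` would record why, though that reason is inferred from the test's file name, because the rest of requestAndClose is outside the hunk.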
@@ -41,7 +41,7 @@ async function requestAndClose(server) {
0x82, // Indexed Header Field Representation (Predefined ":method: GET")
0x84, // Indexed Header Field Representation (Predefined ":path: /")
0x86, // Indexed Header Field Representation (Predefined ":scheme: http")
- 0x44, 0x0a, // Custom ":authority: localhost"
+ 0x41, 0x09, // ":authority: localhost" Length: 9 bytes
0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
]),
]);
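Review bot: The new comment on `0x41, 0x09` gives the string length but no longer says what `0x41` encodes, which a reader needs in order to see why `0x44` was wrong. In HPACK, `0x41` is a literal header field with incremental indexing whose name is static-table index 1 (`:authority`), whereas `0x44` referenced index 4 (`:path`). `0x09` is the value length with the Huffman bit clear. I would write `// Literal w/ incremental indexing, name = static index 1 (":authority"); value length 9, no Huffman`.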
--
2.43.0