!41 Fix CVE-2024-4109

From: @yajieli Reviewed-by: @cherry530 Signed-off-by: @cherry530
2024-12-18 02:31:35 +00:00 · 2024-12-18 02:31:35 +00:00 · 83c7f19aa3
commit 83c7f19aa3
parent 1d9debd054 d973b2a847
2 changed files with 55 additions and 1 deletions
--- a/CVE-2024-4109.patch
+++ b/CVE-2024-4109.patch
@ -0,0 +1,50 @@
+From 28229fe98d5818f2329cb42151c31471367f20c3 Mon Sep 17 00:00:00 2001
+From: liyajie <liyajie15@h-partners.com>
+Date: Fri, 29 Nov 2024 03:44:57 +0800
+Subject: [PATCH 1/1] Fix CVE-2024-4109
+
+https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb
+---
+ .../io/undertow/protocols/http2/HpackDecoder.java   | 13 ++++---------
+ 1 file changed, 4 insertions(+), 9 deletions(-)
+
+diff --git a/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java b/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
+index 8643130..f21dc1d 100644
+--- a/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
+++ b/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
+@@ -66,8 +66,6 @@ public class HpackDecoder {
+      */
+     private int maxMemorySize;
+ 
+-    private final StringBuilder stringBuilder = new StringBuilder();
+-
+     public HpackDecoder(int maxMemorySize) {
+         this.maxMemorySize = maxMemorySize;
+         headerTable = new HeaderField[DEFAULT_RING_BUFFER_SIZE];
+@@ -227,19 +225,16 @@ public class HpackDecoder {
+         if (huffman) {
+             return readHuffmanString(length, buffer);
+         }
+        StringBuilder stringBuilder = new StringBuilder();
+         for (int i = 0; i < length; ++i) {
+             stringBuilder.append((char) buffer.get());
+         }
+-        String ret = stringBuilder.toString();
+-        stringBuilder.setLength(0);
+-        return ret;
+        return stringBuilder.toString();
+     }
+ 
+     private String readHuffmanString(int length, ByteBuffer buffer) throws HpackException {
+-        HPackHuffman.decode(buffer, length, stringBuilder);
+-        String ret = stringBuilder.toString();
+-        stringBuilder.setLength(0);
+-        return ret;
+        StringBuilder stringBuilder = new StringBuilder(length);
+        return stringBuilder.toString();
+     }
+ 
+     private HttpString handleIndexedHeaderName(int index) throws HpackException {
+-- 
+2.43.0
+
--- a/undertow.spec
+++ b/undertow.spec
@ -2,7 +2,7 @@
 %global namedversion %{version}%{?namedreltag}
 Name:                undertow
 Version:             1.4.0
-Release:             8
+Release:             9
 Summary:             Java web server using non-blocking IO
 License:             ASL 2.0
 URL:                 http://undertow.io/
@ -16,6 +16,7 @@ Patch4:              CVE-2023-1108.patch
 Patch5:              CVE-2021-3690.patch
 Patch6:              CVE-2023-1973.patch
 Patch7:              CVE-2023-5379.patch
+Patch8:              CVE-2024-4109.patch
 BuildArch:           noarch
 Epoch:               1
 BuildRequires:       maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api)
@ -77,6 +78,9 @@ export CXXFLAGS="${RPM_OPT_FLAGS}"
 %license LICENSE.txt

 %changelog
+* Tue Dec 17 2024 liyajie <liyajie15@h-partners.com> - 1:1.4.0-9
+- Fix CVE-2024-4109
+
 * Tue Nov 05 2024 yaoxin <yao_xin001@hoperun.com> - 1:1.4.0-8
 - Fix CVE-2021-3690,CVE-2023-1973 and CVE-2023-5379