From 28229fe98d5818f2329cb42151c31471367f20c3 Mon Sep 17 00:00:00 2001
From: liyajie
Date: Fri, 29 Nov 2024 03:44:57 +0800
Subject: [PATCH 1/1] Fix CVE-2024-4109 https://github.com/apache/tomcat/commit/8d2fe6894d6e258a6d615d7f786acca80e6020cb
---
 .../io/undertow/protocols/http2/HpackDecoder.java | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)
diff --git a/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java b/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
index 8643130..f21dc1d 100644
--- a/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
+++ b/core/src/main/java/io/undertow/protocols/http2/HpackDecoder.java
@@ -66,8 +66,6 @@ public class HpackDecoder {
 */
 private int maxMemorySize;
 
- private final StringBuilder stringBuilder = new StringBuilder();
-
 public HpackDecoder(int maxMemorySize) {
 this.maxMemorySize = maxMemorySize;
 headerTable = new HeaderField[DEFAULT_RING_BUFFER_SIZE];
@@ -227,19 +225,16 @@ public class HpackDecoder {
 if (huffman) {
 return readHuffmanString(length, buffer);
 }
+ StringBuilder stringBuilder = new StringBuilder();
 for (int i = 0; i < length; ++i) {
 stringBuilder.append((char) buffer.get());
 }
- String ret = stringBuilder.toString();
- stringBuilder.setLength(0);
- return ret;
+ return stringBuilder.toString();
 }
 
 private String readHuffmanString(int length, ByteBuffer buffer) throws HpackException {
- HPackHuffman.decode(buffer, length, stringBuilder);
- String ret = stringBuilder.toString();
- stringBuilder.setLength(0);
- return ret;
+ StringBuilder stringBuilder = new StringBuilder(length);
+ return stringBuilder.toString();
 }
 
 private HttpString handleIndexedHeaderName(int index) throws HpackException {
-- 
2.43.0
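Review bot: The new `readHuffmanString` body no longer calls `HPackHuffman.decode`: it allocates a `StringBuilder` and returns it untouched, so every Huffman-coded name or value would come back as an empty string. The `length` encoded bytes would also stay unread in `buffer`, so the next header field would presumably be parsed starting inside the Huffman data. Keep the removed call between the two added lines, `HPackHuffman.decode(buffer, length, stringBuilder);`, so that only the shared field goes away and decoding stays. Silently empty or misaligned header values may affect whatever downstream code relies on them, so a regression test that decodes one Huffman-coded literal would be worth adding with this patch. The method that receives the first added line begins above the hunk, so any bound on `length` before `new StringBuilder(length)` is not visible here.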