packages/mod_http2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2024-27316

Browse Source 
(cherry picked from commit 9cab331c8f9e9253a1226474e3d4e25b93902d62)
This commit is contained in:
eaglegai 2024-04-07 07:03:46 +00:00 committed by openeuler-sync-bot
parent 7f3408ee9f
commit 7b6adc7e5a
2 changed files with 65 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
backport-CVE-2024-27316.patch Normal file
View File

@ -0,0 +1,56 @@
From 134e28ae5abc997fe064995627b3ebe247a5d5d8 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Fri, 23 Feb 2024 15:13:56 +0100
Subject: [PATCH] RESET stream after 100 failed incoming headers
---
mod_http2/h2_session.c | 10 +++++++---
mod_http2/h2_stream.c | 1 +
mod_http2/h2_stream.h | 1 +
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/mod_http2/h2_session.c b/mod_http2/h2_session.c
index 1e560e47..6d379cc5 100644
--- a/mod_http2/h2_session.c
+++ b/mod_http2/h2_session.c
@@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
status = h2_stream_add_header(stream, (const char *)name, namelen,
(const char *)value, valuelen);
- if (status != APR_SUCCESS
- && (!stream->rtmp
- || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+ if (status != APR_SUCCESS &&
+ (!stream->rtmp ||
+ stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+ /* We accept a certain amount of failures in order to reply
+ * with an informative HTTP error response like 413. But of the
+ * client is too wrong, we fail the request an RESET the stream */
+ stream->request_headers_failed > 100)) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
}
return 0;
diff --git a/mod_http2/h2_stream.c b/mod_http2/h2_stream.c
index f6c92024..ee87555f 100644
--- a/mod_http2/h2_stream.c
+++ b/mod_http2/h2_stream.c
@@ -813,6 +813,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
cleanup:
if (error) {
+ ++stream->request_headers_failed;
set_error_response(stream, error);
return APR_EINVAL;
}
diff --git a/mod_http2/h2_stream.h b/mod_http2/h2_stream.h
index d68d4260..405978a4 100644
--- a/mod_http2/h2_stream.h
+++ b/mod_http2/h2_stream.h
@@ -91,6 +91,7 @@ struct h2_stream {
struct h2_request *rtmp; /* request being assembled */
apr_table_t *trailers; /* optional incoming trailers */
int request_headers_added; /* number of request headers added */
+ int request_headers_failed; /* number of request headers failed to add */
struct h2_bucket_beam *input;
apr_bucket_brigade *in_buffer;

10
mod_http2.spec
View File

@ -2,12 +2,14 @@
Name: mod_http2 Name: mod_http2
Version: 1.15.25 Version: 1.15.25
Release: 2 Release: 3
Summary: Support for the HTTP/2 transport layer Summary: Support for the HTTP/2 transport layer
License: ASL 2.0 License: ASL 2.0
URL: https://icing.github.io/mod_h2/ URL: https://icing.github.io/mod_h2/
Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/%{name}-%{version}.tar.gz
Patch1: fix-build-with-earlier-2.4.x-which-don-t-define-AP_S.patch Patch1: fix-build-with-earlier-2.4.x-which-don-t-define-AP_S.patch
Patch2: backport-CVE-2024-27316.patch
BuildRequires: gcc pkgconfig httpd-devel libnghttp2-devel openssl-devel autoconf libtool hostname BuildRequires: gcc pkgconfig httpd-devel libnghttp2-devel openssl-devel autoconf libtool hostname
Requires: httpd-mmn = %{_httpd_mmn} Requires: httpd-mmn = %{_httpd_mmn}
@ -50,6 +52,12 @@ make check
%exclude /etc/httpd/share/doc/* %exclude /etc/httpd/share/doc/*
%changelog %changelog
* Sun Apr 07 2024 gaihuiying <eaglegai@163.com> - 1.15.25-3
- Type:cves
- CVE:CVE-2024-27316
- SUG:NA
- DESC:fix CVE-2024-27316
* Wed Oct 19 2022 gaihuiying <eaglegai@163.com> - 1.15.25-2 * Wed Oct 19 2022 gaihuiying <eaglegai@163.com> - 1.15.25-2
- Typebugfix - Typebugfix
- ID:NA - ID:NA