packages/varnish
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
varnish/CVE-2021-36740-3.patch
starlet-dx fe90eb9f1b fix CVE-2021-36740 
(cherry picked from commit 5d968132cbac5b5389f6a7a106c94e7f5b4b1b56)
2021-09-23 09:38:49 +08:00

30 lines
1.0 KiB
Diff
Raw Blame History

From 799f68e918fd3fb8a373338c7886042317e1910c Mon Sep 17 00:00:00 2001
From: Dag Haavi Finstad <daghf@varnish-software.com>
Date: Mon, 28 Oct 2019 12:13:43 +0100
Subject: [PATCH 1/1] h2_rx_data: Remember to drop the lock before returning
Fixes: #3086
---
bin/varnishd/http2/cache_http2_proto.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index 902c1e08c..0f2a21230 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -703,8 +703,10 @@ h2_rx_data(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
Lck_Lock(&h2->sess->mtx);
while (h2->mailcall != NULL && h2->error == 0 && r2->error == 0)
AZ(Lck_CondWait(h2->cond, &h2->sess->mtx, 0));
- if (h2->error || r2->error)
+ if (h2->error || r2->error) {
+ Lck_Unlock(&h2->sess->mtx);
return (h2->error ? h2->error : r2->error);
+ }
AZ(h2->mailcall);
h2->mailcall = r2;
h2->req0->r_window -= h2->rxf_len;
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink