varnish/CVE-2021-36740-1.patch
starlet-dx fe90eb9f1b fix CVE-2021-36740
(cherry picked from commit 5d968132cbac5b5389f6a7a106c94e7f5b4b1b56)
2021-09-23 09:38:49 +08:00


From cda1921004f10d3a56e6e044426473d99c88fa56 Mon Sep 17 00:00:00 2001
From: Poul-Henning Kamp <phk@FreeBSD.org>
Date: Fri, 22 Feb 2019 07:47:49 +0000
Subject: [PATCH 1/1] We cannot trust the mailcall to be empty just because we
got the mutex, for instance the VFP might have nipped out for more storage.
Fixes: #2572
---
bin/varnishd/http2/cache_http2_proto.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index 39d97e6..26bfae8 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -701,6 +701,8 @@ h2_rx_data(struct worker *wrk, struct h2_sess *h2, struct h2_req *r2)
if (r2 == NULL)
return (0);
Lck_Lock(&h2->sess->mtx);
+ while (h2->mailcall != NULL && h2->error == 0 && r2->error == 0)
+ AZ(Lck_CondWait(h2->cond, &h2->sess->mtx, 0));
AZ(h2->mailcall);
h2->mailcall = r2;
h2->req0->r_window -= h2->rxf_len;
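Review bot: The added wait loop can exit with `h2->mailcall` still non-NULL, because it also stops when `h2->error` or `r2->error` becomes non-zero, and the unchanged `AZ(h2->mailcall);` right after it would then fail. In varnishd a failed assertion takes down the worker child, so a stream or session error that arrives while another request holds the mailcall becomes an availability problem rather than a clean error return. Unless a later patch in this series already covers it, the error exit should be handled before the assertion, for example `if (h2->error != 0 || r2->error != 0) { Lck_Unlock(&h2->sess->mtx); return (h2->error ? h2->error : r2->error); }`. The return expression assumes the function returns the error value, as the visible `return (0)` suggests. A one-line comment above the loop would also help, for instance `/* mailcall may still be held by a stream that went for more storage; wait for it to drain or for an error */`. The body of h2_rx_data starts and ends outside this hunk, so the rest of the locking sequence should be checked against the full function.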
--
2.27.0