rpms/http-parser
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import http-parser-2.8.0-6.el8

Browse Source
This commit is contained in:
CentOS Sources 2020-01-21 17:47:30 -05:00 committed by Stepan Oksanichenko
parent aebfda7765
commit 67dfa716e0
3 changed files with 150 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
SOURCES/CVE-2018-12121.patch Normal file
View File

@ -0,0 +1,69 @@
diff --git a/http_parser.c b/http_parser.c
index f9991c3..aef4437 100644
--- a/http_parser.c
+++ b/http_parser.c
@@ -25,6 +25,8 @@
#include <string.h>
#include <limits.h>
+static uint32_t max_header_size = HTTP_MAX_HEADER_SIZE;
+
#ifndef ULLONG_MAX
# define ULLONG_MAX ((uint64_t) -1) /* 2^64-1 */
#endif
@@ -137,20 +139,20 @@ do { \
} while (0)
/* Don't allow the total size of the HTTP headers (including the status
- * line) to exceed HTTP_MAX_HEADER_SIZE. This check is here to protect
+ * line) to exceed max_header_size. This check is here to protect
* embedders against denial-of-service attacks where the attacker feeds
* us a never-ending header that the embedder keeps buffering.
*
* This check is arguably the responsibility of embedders but we're doing
* it on the embedder's behalf because most won't bother and this way we
- * make the web a little safer. HTTP_MAX_HEADER_SIZE is still far bigger
+ * make the web a little safer. max_header_size is still far bigger
* than any reasonable request or response so this should never affect
* day-to-day operation.
*/
#define COUNT_HEADER_SIZE(V) \
do { \
parser->nread += (V); \
- if (UNLIKELY(parser->nread > (HTTP_MAX_HEADER_SIZE))) { \
+ if (UNLIKELY(parser->nread > (max_header_size))) { \
SET_ERRNO(HPE_HEADER_OVERFLOW); \
goto error; \
} \
@@ -1471,7 +1473,7 @@ reexecute:
const char* p_lf;
size_t limit = data + len - p;
- limit = MIN(limit, HTTP_MAX_HEADER_SIZE);
+ limit = MIN(limit, max_header_size);
p_cr = (const char*) memchr(p, CR, limit);
p_lf = (const char*) memchr(p, LF, limit);
@@ -2438,3 +2440,8 @@ http_parser_version(void) {
HTTP_PARSER_VERSION_MINOR * 0x00100 |
HTTP_PARSER_VERSION_PATCH * 0x00001;
}
+
+void
+http_parser_set_max_header_size(uint32_t size) {
+ max_header_size = size;
+}
diff --git a/http_parser.h b/http_parser.h
index 1fbf30e..ea7bafe 100644
--- a/http_parser.h
+++ b/http_parser.h
@@ -427,6 +427,9 @@ void http_parser_pause(http_parser *parser, int paused);
/* Checks if this is the final chunk of the body. */
int http_body_is_final(const http_parser *parser);
+/* Change the maximum header size provided at compile time. */
+void http_parser_set_max_header_size(uint32_t size);
+
#ifdef __cplusplus
}
#endif

54
SOURCES/remove-unused-functions-from-test-runner.patch Normal file
View File

@ -0,0 +1,54 @@
commit 705e519bf56e5904c761a411b38a66e84bf7fc2d
Author: Ben Noordhuis <info@bnoordhuis.nl>
Date: Tue Feb 27 22:59:00 2018 +0100
Remove unused functions from test runner.
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
diff --git a/test.c b/test.c
index bc4e664..0cbe544 100644
--- a/test.c
+++ b/test.c
@@ -27,9 +27,7 @@
#include <stdarg.h>
#if defined(__APPLE__)
-# undef strlcat
# undef strlncpy
-# undef strlcpy
#endif /* defined(__APPLE__) */
#undef TRUE
@@ -1993,12 +1991,6 @@ strlncat(char *dst, size_t len, const char *src, size_t n)
return slen + dlen;
}
-size_t
-strlcat(char *dst, const char *src, size_t len)
-{
- return strlncat(dst, len, src, (size_t) -1);
-}
-
size_t
strlncpy(char *dst, size_t len, const char *src, size_t n)
{
@@ -2017,12 +2009,6 @@ strlncpy(char *dst, size_t len, const char *src, size_t n)
return slen;
}
-size_t
-strlcpy(char *dst, const char *src, size_t len)
-{
- return strlncpy(dst, len, src, (size_t) -1);
-}
-
int
request_url_cb (http_parser *p, const char *buf, size_t len)
{

30
SPECS/http-parser.spec
View File

@ -1,6 +1,8 @@
%bcond_without check
Name: http-parser
Version: 2.8.0
Release: 2%{?dist}
Release: 6%{?dist}
Summary: HTTP request/response parser for C
License: MIT
@ -10,7 +12,9 @@ Source0: %{url}/archive/v%{version}/%{name}-%{version}.tar.gz
BuildRequires: meson
BuildRequires: gcc
Patch0001: CVE-2018-7159.patch
Patch01: CVE-2018-7159.patch
Patch02: CVE-2018-12121.patch
Patch03: remove-unused-functions-from-test-runner.patch
%description
This is a parser for HTTP messages written in C. It parses both requests and
@ -28,7 +32,11 @@ Requires: %{name}%{?_isa} = %{?epoch:%{epoch}:}%{version}-%{release}
Development headers and libraries for http-parser.
%prep
%autosetup -p3
%setup -q
%patch01 -p3
%patch02 -p1
%patch03 -p1
# TODO: try to send upstream?
cat > meson.build << EOF
project('%{name}', 'c', version : '%{version}')
@ -54,8 +62,10 @@ EOF
%install
%meson_install
%if %{with check}
%check
%meson_test
%endif
%ldconfig_scriptlets
@ -71,6 +81,20 @@ EOF
%{_libdir}/libhttp_parser_strict.so
%changelog
* Tue Oct 29 2019 Sergio Correia <scorreia@redhat.com> - 2.8.0-6
- Provide -devel package
Resolves: rhbz#1748765: http-parser-devel package not available in CRB
* Mon Aug 12 2019 Sergio Correia <scorreia@redhat.com> - 2.8.0-5
- Resolves: rhbz#1686488: 'make test' fails with stringop-overflow error
* Thu Aug 08 2019 Sergio Correia <scorreia@redhat.com> - 2.8.0-4
- Resolves: rhbz#1666382: CVE-2018-12121 http-parser: nodejs: Denial of
Service with large HTTP headers [rhel-8]
* Thu Apr 11 2019 Daniel Kopecek <dkopecek@redhat.com> - 2.8.0-3
- spec: make the check phase conditional
* Mon Dec 3 2018 Jakub Hrozek <jhrozek@redhat.com> - 2.8.0-2
- Resolves: #rhbz1654223: CVE-2018-7159 http-parser: nodejs: HTTP parser
allowed for spaces inside Content-Length header