rpms/mod_http2
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Import from CS git

Browse Source
This commit is contained in:
eabdullin 2024-10-04 14:52:10 +03:00
parent 220d068f44
commit eff3b1156d
3 changed files with 89 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

57
SOURCES/mod_http2-2.0.26-CVE-2024-27316.patch Normal file
View File

@ -0,0 +1,57 @@
From 134e28ae5abc997fe064995627b3ebe247a5d5d8 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Fri, 23 Feb 2024 15:13:56 +0100
Subject: [PATCH] RESET stream after 100 failed incoming headers
---
mod_http2/h2_session.c | 10 +++++++---
mod_http2/h2_stream.c | 1 +
mod_http2/h2_stream.h | 1 +
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/mod_http2/h2_session.c b/mod_http2/h2_session.c
index 1e560e47..6d379cc5 100644
--- a/mod_http2/h2_session.c
+++ b/mod_http2/h2_session.c
@@ -319,9 +319,13 @@ static int on_header_cb(nghttp2_session *ngh2, const nghttp2_frame *frame,
status = h2_stream_add_header(stream, (const char *)name, namelen,
(const char *)value, valuelen);
- if (status != APR_SUCCESS
- && (!stream->rtmp
- || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+ if (status != APR_SUCCESS &&
+ (!stream->rtmp ||
+ stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+ /* We accept a certain amount of failures in order to reply
+ * with an informative HTTP error response like 413. But of the
+ * client is too wrong, we fail the request an RESET the stream */
+ stream->request_headers_failed > 100)) {
return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
}
return 0;
diff --git a/mod_http2/h2_stream.c b/mod_http2/h2_stream.c
index f6c92024..ee87555f 100644
--- a/mod_http2/h2_stream.c
+++ b/mod_http2/h2_stream.c
@@ -813,6 +813,7 @@ apr_status_t h2_stream_add_header(h2_stream *stream,
cleanup:
if (error) {
+ ++stream->request_headers_failed;
set_error_response(stream, error);
return APR_EINVAL;
}
diff --git a/mod_http2/h2_stream.h b/mod_http2/h2_stream.h
index d68d4260..405978a4 100644
--- a/mod_http2/h2_stream.h
+++ b/mod_http2/h2_stream.h
@@ -91,6 +91,7 @@ struct h2_stream {
struct h2_request *rtmp; /* request being assembled */
apr_table_t *trailers_in; /* optional, incoming trailers */
int request_headers_added; /* number of request headers added */
+ int request_headers_failed; /* number of request headers failed to add */
#if AP_HAS_RESPONSE_BUCKETS
ap_bucket_response *response; /* the final, non-interim response or NULL */

17
SOURCES/mod_http2-2.0.26-CVE-2024-36387.patch Normal file
View File

@ -0,0 +1,17 @@
--- a/mod_http2/h2_c2.c 2024/06/24 17:34:59 1918556
+++ b/mod_http2/h2_c2.c 2024/06/24 17:51:42 1918557
@@ -370,6 +370,13 @@
h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
apr_status_t rv;
+ if (bb == NULL) {
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
+ f->c->data_in_output_filters = 0;
+#endif
+ return APR_SUCCESS;
+ }
+
ap_assert(conn_ctx);
#if AP_HAS_RESPONSE_BUCKETS
if (!conn_ctx->has_final_response) {

17
SPECS/mod_http2.spec
View File

@ -3,7 +3,7 @@
Name: mod_http2 Name: mod_http2
Version: 2.0.26 Version: 2.0.26
Release: 1%{?dist} Release: 3%{?dist}
Summary: module implementing HTTP/2 for Apache 2 Summary: module implementing HTTP/2 for Apache 2
License: ASL 2.0 License: ASL 2.0
URL: https://icing.github.io/mod_h2/ URL: https://icing.github.io/mod_h2/
@ -12,7 +12,10 @@ Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/mod_http2
# Security patches: # Security patches:
# #
# Patch100: ... # https://bugzilla.redhat.com/show_bug.cgi?id=2268277
Patch100: mod_http2-2.0.26-CVE-2024-27316.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2295006
Patch101: mod_http2-2.0.26-CVE-2024-36387.patch
BuildRequires: make BuildRequires: make
BuildRequires: gcc BuildRequires: gcc
@ -27,7 +30,7 @@ The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on
top of libnghttp2 for httpd 2.4 servers. top of libnghttp2 for httpd 2.4 servers.
%prep %prep
%setup -q %autosetup -p1
%build %build
autoreconf -i autoreconf -i
@ -52,6 +55,14 @@ echo "LoadModule proxy_http2_module modules/mod_proxy_http2.so" > %{buildroot}%{
%{_httpd_moddir}/mod_proxy_http2.so %{_httpd_moddir}/mod_proxy_http2.so
%changelog %changelog
* Tue Jul 09 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-3
- Resolves: RHEL-45806 - mod_http2: DoS by null pointer in websocket
over HTTP/2 (CVE-2024-36387)
* Fri Apr 05 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-2
- Resolves: RHEL-31855 - mod_http2: httpd: CONTINUATION frames
DoS (CVE-2024-27316)
* Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-1 * Thu Jan 18 2024 Luboš Uhliarik <luhliari@redhat.com> - 2.0.26-1
- Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26 - Resolves: RHEL-14691 - mod_http2 rebase to 2.0.26