Sync from SUSE:SLFO:Main apache2 revision 59422ba0b9f30c4b5b7c05f2b76c4e2c
This commit is contained in:
parent
d52870e551
commit
f2969034e9
30
apache2-CVE-2024-36387.patch
Normal file
30
apache2-CVE-2024-36387.patch
Normal file
@ -0,0 +1,30 @@
|
||||
commit 62aa64e5aea21dd969db97aded4443c98c0735ac
|
||||
Author: Eric Covener <covener@apache.org>
|
||||
Date: Mon Jun 24 17:51:42 2024 +0000
|
||||
|
||||
Merge r1918548 from trunk:
|
||||
|
||||
mod_http2: early exit if bb is null
|
||||
|
||||
|
||||
|
||||
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68
|
||||
|
||||
diff --git a/modules/http2/h2_c2.c b/modules/http2/h2_c2.c
|
||||
index a955200944..c65a521ab8 100644
|
||||
--- a/modules/http2/h2_c2.c
|
||||
+++ b/modules/http2/h2_c2.c
|
||||
@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb)
|
||||
h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
|
||||
apr_status_t rv;
|
||||
|
||||
+ if (bb == NULL) {
|
||||
+#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
|
||||
+ f->c->data_in_output_filters = 0;
|
||||
+#endif
|
||||
+ return APR_SUCCESS;
|
||||
+ }
|
||||
+
|
||||
ap_assert(conn_ctx);
|
||||
#if AP_HAS_RESPONSE_BUCKETS
|
||||
if (!conn_ctx->has_final_response) {
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 17 04:59:12 UTC 2024 - Martin Schreiner <martin.schreiner@suse.com>
|
||||
|
||||
- Security fix:
|
||||
- CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2
|
||||
* Added apache2-CVE-2024-36387.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 8 10:53:20 UTC 2024 - David Anes <david.anes@suse.com>
|
||||
|
||||
|
@ -209,6 +209,8 @@ Patch106: apache2-CVE-2024-38477.patch
|
||||
Patch107: apache2-CVE-2024-38475-1.patch
|
||||
Patch108: apache2-CVE-2024-38475-2.patch
|
||||
Patch109: apache2-CVE-2024-38475-3.patch
|
||||
# FIX-UPSTREAM: CVE-2024-36387, bsc#1227272: DoS by null pointer in websocket over HTTP/2
|
||||
Patch110: apache2-CVE-2024-36387.patch
|
||||
|
||||
BuildRequires: apache-rpm-macros-control
|
||||
#Since 2.4.7 the event MPM requires apr 1.5.0 or later.
|
||||
|
Loading…
Reference in New Issue
Block a user