from: https://github.com/nodejs/node/commit/0fb816dbcc
src: ensure to close stream when destroying session
Co-Authored-By: Anna Henningsen
PR-URL: nodejs-private/node-private#561
Fixes: https://hackerone.com/reports/2319584
Reviewed-By: Michael Dawson
Reviewed-By: Marco Ippolito
Reviewed-By: Matteo Collina
Reviewed-By: Benjamin Gruenbaum
CVE-ID: CVE-2024-27983
Index: node-v12.22.12/src/node_http2.cc
===================================================================
--- node-v12.22.12.orig/src/node_http2.cc
+++ node-v12.22.12/src/node_http2.cc
@@ -590,6 +590,12 @@ Http2Session::Http2Session(Environment*
 Http2Session::~Http2Session() {
 CHECK_EQ(flags_ & SESSION_STATE_HAS_SCOPE, 0);
 Debug(this, "freeing nghttp2 session");
+ // Ensure that all `Http2Stream` instances and the memory they hold
+ // on to are destroyed before the nghttp2 session is.
+ for (const auto& [id, stream] : streams_) {
+ stream->Detach();
+ }
+ streams_.clear();
 nghttp2_session_del(session_);
 CHECK_EQ(current_nghttp2_memory_, 0);
 }
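Review bot: The comment on the new loop says the streams "are destroyed" before `nghttp2_session_del(session_)`, but `streams_.clear()` only destroys them if the map owns its values. The declaration of `streams_` is outside this hunk, so for this v12.22.12 backport it should be confirmed that the mapped type is an owning pointer and that `Http2Stream::Detach()` exists on this branch. If the map holds raw `Http2Stream*`, clearing it frees nothing and the final `CHECK_EQ(current_nghttp2_memory_, 0)` can still abort the process, which is presumably the crash this patch is meant to remove. The loop also uses a C++17 structured binding with an unused `id`; if this tree is still built as C++14, `for (const auto& entry : streams_) entry.second->Detach();` does the same without relying on a compiler extension. No regression test accompanies the patch here, so a test that destroys a session while streams are still open would be worth adding.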