Adam Majer
ebfbc55105
node::http2::Http2Session::~Http2Session() leads to HTTP/2 server crash- (High) (bsc#1222244, CVE-2024-27983) - CVE-2024-27982.patch - HTTP Request Smuggling via Content Length Obfuscation- (Medium) (bsc#1222384, CVE-2024-27982) - updated dependencies: + llhttp version 6.1.1 - CVE-2024-22025.patch - test timeout adjustment OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs16?expand=0&rev=102
34 lines
1.1 KiB
Diff
34 lines
1.1 KiB
Diff
from:
|
|
|
|
https://github.com/nodejs/node/commit/0fb816dbcc
|
|
|
|
src: ensure to close stream when destroying session
|
|
|
|
Co-Authored-By: Anna Henningsen <anna@addaleax.net>
|
|
PR-URL: nodejs-private/node-private#561
|
|
Fixes: https://hackerone.com/reports/2319584
|
|
Reviewed-By: Michael Dawson <midawson@redhat.com>
|
|
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
|
|
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
|
|
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
|
|
CVE-ID: CVE-2024-27983
|
|
|
|
|
|
Index: node-v16.20.2/src/node_http2.cc
|
|
===================================================================
|
|
--- node-v16.20.2.orig/src/node_http2.cc
|
|
+++ node-v16.20.2/src/node_http2.cc
|
|
@@ -529,6 +529,12 @@ Http2Session::Http2Session(Http2State* h
|
|
Http2Session::~Http2Session() {
|
|
CHECK(!is_in_scope());
|
|
Debug(this, "freeing nghttp2 session");
|
|
+ // Ensure that all `Http2Stream` instances and the memory they hold
|
|
+ // on to are destroyed before the nghttp2 session is.
|
|
+ for (const auto& [id, stream] : streams_) {
|
|
+ stream->Detach();
|
|
+ }
|
|
+ streams_.clear();
|
|
// Explicitly reset session_ so the subsequent
|
|
// current_nghttp2_memory_ check passes.
|
|
session_.reset();
|