File apache2-CVE-2024-27316.patch of Package apache2.34448

Overview Repositories Revisions Requests Users Attributes Meta

File apache2-CVE-2024-27316.patch of Package apache2.34448

Index: httpd-2.4.51/modules/http2/h2_session.c
===================================================================
--- httpd-2.4.51.orig/modules/http2/h2_session.c
+++ httpd-2.4.51/modules/http2/h2_session.c
@@ -311,9 +311,13 @@ static int on_header_cb(nghttp2_session
     
     status = h2_stream_add_header(stream, (const char *)name, namelen,
                                   (const char *)value, valuelen);
-    if (status != APR_SUCCESS
-        && (!stream->rtmp
-            || stream->rtmp->http_status == H2_HTTP_STATUS_UNSET)) {
+    if (status != APR_SUCCESS &&
+        (!stream->rtmp ||
+         stream->rtmp->http_status == H2_HTTP_STATUS_UNSET ||
+         /* We accept a certain amount of failures in order to reply
+          * with an informative HTTP error response like 413. But if the
+          * client is too wrong, we fail the request a RESET of the stream */
+         stream->request_headers_failed > 100)) {
         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;
     }
     return 0;
Index: httpd-2.4.51/modules/http2/h2_stream.c
===================================================================
--- httpd-2.4.51.orig/modules/http2/h2_stream.c
+++ httpd-2.4.51/modules/http2/h2_stream.c
@@ -764,6 +764,7 @@ apr_status_t h2_stream_add_header(h2_str
     
 cleanup:
     if (error) {
+        ++stream->request_headers_failed;
         set_error_response(stream, error);
         return APR_EINVAL; 
     }
Index: httpd-2.4.51/modules/http2/h2_stream.h
===================================================================
--- httpd-2.4.51.orig/modules/http2/h2_stream.h
+++ httpd-2.4.51/modules/http2/h2_stream.h
@@ -75,6 +75,7 @@ struct h2_stream {
     struct h2_request *rtmp;    /* request being assembled */
     apr_table_t *trailers;      /* optional incoming trailers */
     int request_headers_added;  /* number of request headers added */
+    int request_headers_failed; /* number of request headers failed to add */
     
     struct h2_bucket_beam *input;
     apr_bucket_brigade *in_buffer;

Places

File apache2-CVE-2024-27316.patch of Package apache2.34448

Places