SUSE:SLE-15-SP4:Update
File CVE-2024-27983.patch of Package nodejs16.34067
from: https://github.com/nodejs/node/commit/0fb816dbcc src: ensure to close stream when destroying session Co-Authored-By: Anna Henningsen <anna@addaleax.net> PR-URL: nodejs-private/node-private#561 Fixes: https://hackerone.com/reports/2319584 Reviewed-By: Michael Dawson <midawson@redhat.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> CVE-ID: CVE-2024-27983 Index: node-v16.20.2/src/node_http2.cc =================================================================== --- node-v16.20.2.orig/src/node_http2.cc +++ node-v16.20.2/src/node_http2.cc @@ -529,6 +529,12 @@ Http2Session::Http2Session(Http2State* h Http2Session::~Http2Session() { CHECK(!is_in_scope()); Debug(this, "freeing nghttp2 session"); + // Ensure that all `Http2Stream` instances and the memory they hold + // on to are destroyed before the nghttp2 session is. + for (const auto& [id, stream] : streams_) { + stream->Detach(); + } + streams_.clear(); // Explicitly reset session_ so the subsequent // current_nghttp2_memory_ check passes. session_.reset();
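Review bot: In the `for (const auto& [id, stream] : streams_)` loop added to `~Http2Session()`, the structured binding is a C++17 construct and `id` is never used. Since this is a backport onto node-v16.20.2, check that the tree's configured C++ standard accepts it without warnings, or iterate with `for (const auto& entry : streams_)` and call `entry.second->Detach();`. The added comment could also state that nothing reached from `Detach()` may insert into or erase from `streams_` while the loop runs, since the loop relies on that. The patch touches only `src/node_http2.cc` and carries no regression test for a session destroyed while streams are still open.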