Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15:Update
tomcat.23183
tomcat-9.0-CVE-2020-13934.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-9.0-CVE-2020-13934.patch of Package tomcat.23183
From 172977f04a5215128f1e278a688983dcd230f399 Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Fri, 26 Jun 2020 12:49:50 +0100 Subject: [PATCH] Ensure HTTP/1.1 processor is recycled after a direct h2c connection --- java/org/apache/coyote/AbstractProtocol.java | 9 ++++++--- webapps/docs/changelog.xml | 4 ++++ 2 files changed, 10 insertions(+), 3 deletions(-) Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/AbstractProtocol.java +++ apache-tomcat-9.0.36-src/java/org/apache/coyote/AbstractProtocol.java @@ -876,8 +876,10 @@ public abstract class AbstractProtocol<S // Assume direct HTTP/2 connection UpgradeProtocol upgradeProtocol = getProtocol().getUpgradeProtocol("h2c"); if (upgradeProtocol != null) { - processor = upgradeProtocol.getProcessor( - wrapper, getProtocol().getAdapter()); + // Release the Http11 processor to be re-used + release(processor); + // Create the upgrade processor + processor = upgradeProtocol.getProcessor(wrapper, getProtocol().getAdapter()); wrapper.unRead(leftOverInput); // Associate with the processor with the connection wrapper.setCurrentProcessor(processor); @@ -887,7 +889,8 @@ public abstract class AbstractProtocol<S "abstractConnectionHandler.negotiatedProcessor.fail", "h2c")); } - return SocketState.CLOSED; + // Exit loop and trigger appropriate clean-up + state = SocketState.CLOSED; } } else { HttpUpgradeHandler httpUpgradeHandler = upgradeToken.getHttpUpgradeHandler(); Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml =================================================================== --- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml +++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml @@ -104,6 +104,10 @@ <bug>64485</bug>: Fix possible resource leak geting last modified from <code>ConfigurationSource.Resource</code>. (remm) </fix> + <fix> + Ensure that the HTTP/1.1 processor is correctly recycled when a direct + connection to h2c is made. (markt) + </fix> </changelog> </subsection> <subsection name="Jasper">
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor