Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
tomcat.28365
tomcat-9.0-CVE-2020-13943.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File tomcat-9.0-CVE-2020-13943.patch of Package tomcat.28365
From 55911430df13f8c9998fbdee1f9716994d2db59b Mon Sep 17 00:00:00 2001 From: Mark Thomas <markt@apache.org> Date: Thu, 23 Jul 2020 17:43:45 +0100 Subject: [PATCH] Move check for current streams to end of header parsing. --- java/org/apache/coyote/http2/Http2Parser.java | 2 +- .../coyote/http2/Http2UpgradeHandler.java | 24 ++++++++++--------- .../coyote/http2/TestHttp2Section_5_1.java | 20 ++++++++++------ 3 files changed, 27 insertions(+), 19 deletions(-) Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2Parser.java +++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java @@ -738,7 +738,7 @@ class Http2Parser { HeaderEmitter headersStart(int streamId, boolean headersEndStream) throws Http2Exception, IOException; void headersContinue(int payloadSize, boolean endOfHeaders); - void headersEnd(int streamId) throws ConnectionException; + void headersEnd(int streamId) throws Http2Exception; // Priority frames (also headers) void reprioritise(int streamId, int parentStreamId, boolean exclusive, int weight) Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java =================================================================== --- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2UpgradeHandler.java +++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2UpgradeHandler.java @@ -1451,16 +1451,6 @@ class Http2UpgradeHandler extends Abstra stream.checkState(FrameType.HEADERS); stream.receivedStartOfHeaders(headersEndStream); closeIdleStreams(streamId); - if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) { - setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet()); - // Ignoring maxConcurrentStreams increases the overhead count - increaseOverheadCount(); - throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams", - Long.toString(localSettings.getMaxConcurrentStreams())), - Http2Error.REFUSED_STREAM, streamId); - } - // Valid new stream reduces the overhead count - reduceOverheadCount(); return stream; } else { if (log.isDebugEnabled()) { @@ -1528,12 +1518,24 @@ class Http2UpgradeHandler extends Abstra @Override - public void headersEnd(int streamId) throws ConnectionException { + public void headersEnd(int streamId) throws Http2Exception { Stream stream = getStream(streamId, connectionState.get().isNewStreamAllowed()); if (stream != null) { setMaxProcessedStream(streamId); if (stream.isActive()) { if (stream.receivedEndOfHeaders()) { + + if (localSettings.getMaxConcurrentStreams() < activeRemoteStreamCount.incrementAndGet()) { + setConnectionTimeoutForStreamCount(activeRemoteStreamCount.decrementAndGet()); + // Ignoring maxConcurrentStreams increases the overhead count + increaseOverheadCount(); + throw new StreamException(sm.getString("upgradeHandler.tooManyRemoteStreams", + Long.toString(localSettings.getMaxConcurrentStreams())), + Http2Error.REFUSED_STREAM, streamId); + } + // Valid new stream reduces the overhead count + reduceOverheadCount(); + processStreamOnContainerThread(stream); } } Index: apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java =================================================================== --- apache-tomcat-9.0.36-src.orig/test/org/apache/coyote/http2/TestHttp2Section_5_1.java +++ apache-tomcat-9.0.36-src/test/org/apache/coyote/http2/TestHttp2Section_5_1.java @@ -222,11 +222,11 @@ public class TestHttp2Section_5_1 extend // Expecting // 1 * headers // 56k-1 of body (7 * ~8k) - // 1 * error (could be in any order) - for (int i = 0; i < 8; i++) { + // 1 * error + // for a total of 9 frames (could be in any order) + for (int i = 0; i < 9; i++) { parser.readFrame(true); } - parser.readFrame(true); Assert.assertTrue(output.getTrace(), output.getTrace().contains("5-RST-[" + @@ -238,14 +238,20 @@ public class TestHttp2Section_5_1 extend // Release the remaining body sendWindowUpdate(0, (1 << 31) - 2); - // Allow for the 8k still in the stream window + // Allow for the ~8k still in the stream window sendWindowUpdate(3, (1 << 31) - 8193); - // 192k of body (24 * 8k) - // 1 * error (could be in any order) - for (int i = 0; i < 24; i++) { + // Read until the end of stream 3 + while (!output.getTrace().contains("3-EndOfStream")) { parser.readFrame(true); } + output.clearTrace(); + + // Confirm another request can be sent once concurrency falls back below limit + sendSimpleGetRequest(7); + parser.readFrame(true); + parser.readFrame(true); + Assert.assertEquals(getSimpleResponseTrace(7), output.getTrace()); }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor