fix CVE-2024-36387
(cherry picked from commit f5e8bbabd3f8affb7838d39b606678c8b62071fc)
parent
7152be796a
commit
4ad4f71f3f
35
backport-CVE-2024-36387.patch
Normal file
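--- a/backport-CVE-2024-36387.patch
+++ b/backport-CVE-2024-36387.patch
@@ -0,0 +1,35 @@
+From 62aa64e5aea21dd969db97aded4443c98c0735ac Mon Sep 17 00:00:00 2001
+From: Eric Covener <covener@apache.org>
+Date: Mon, 24 Jun 2024 17:51:42 +0000
+Subject: [PATCH] Merge r1918548 from trunk:
+
+mod_http2: early exit if bb is null
+
+
+
+git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1918557 13f79535-47bb-0310-9956-ffa450edef68
+---
+mod_http2/h2_c2.c | 7 +++++++
+1 file changed, 7 insertions(+)
+
+diff --git a/mod_http2/h2_c2.c b/mod_http2/h2_c2.c
+index a955200..c65a521 100644
+--- a/mod_http2/h2_c2.c
++++ b/mod_http2/h2_c2.c
+@@ -370,6 +370,13 @@ static apr_status_t h2_c2_filter_out(ap_filter_t* f, apr_bucket_brigade* bb)
+h2_conn_ctx_t *conn_ctx = h2_conn_ctx_get(f->c);
+apr_status_t rv;
+
++ if (bb == NULL) {
++#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)
++ f->c->data_in_output_filters = 0;
++#endif
++ return APR_SUCCESS;
++ }
++
+ap_assert(conn_ctx);
+#if AP_HAS_RESPONSE_BUCKETS
+if (!conn_ctx->has_final_response) {
+--
+2.33.0
+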
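Review bot: The new `if (bb == NULL)` early return in `h2_c2_filter_out` has no comment saying why a NULL brigade can reach this output filter or why `APR_SUCCESS` is the right result, so a later cleanup could remove the guard and bring back the crash this CVE backport addresses. I would add above the check `/* bb may be NULL (CVE-2024-36387): nothing to pass on, return before any brigade access */`. The `#if !AP_MODULE_MAGIC_AT_LEAST(20180720, 1)` line also deserves a one-line comment; presumably `data_in_output_filters` only exists in `conn_rec` on older httpd, which should be confirmed against the httpd-devel version this package builds with. The guard now runs before `ap_assert(conn_ctx)`, so a NULL-brigade call with a missing connection context returns success silently; that looks intentional but is worth stating in the comment. The function body continues past the hunk, so the statement that dereferenced `bb` is not visible here.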
@ -2,13 +2,14 @@
|
||||
|
||||
Name: mod_http2
|
||||
Version: 2.0.25
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: Support for the HTTP/2 transport layer
|
||||
License: ASL 2.0
|
||||
URL: https://icing.github.io/mod_h2/
|
||||
Source0: https://github.com/icing/mod_h2/releases/download/v%{version}/%{name}-%{version}.tar.gz
|
||||
|
||||
Patch0: backport-CVE-2024-27316.patch
|
||||
Patch1: backport-CVE-2024-36387.patch
|
||||
|
||||
BuildRequires: make gcc pkgconfig httpd-devel >= 2.4.20 libnghttp2-devel >= 1.7.0 openssl-devel >= 1.0.2 autoconf libtool hostname
|
||||
Requires: httpd-mmn = %{_httpd_mmn}
|
||||
@ -50,6 +51,12 @@ make check
|
||||
%exclude /etc/httpd/share/doc/*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 08 2024 zhangxianting <zhangxianting@uniontech.com> - 2.0.25-3
|
||||
- Type:cves
|
||||
- CVE:CVE-2024-36387
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-36387
|
||||
|
||||
* Sun Apr 07 2024 gaihuiying <eaglegai@163.com> - 2.0.25-2
|
||||
- Type:cves
|
||||
- CVE:CVE-2024-27316
|
||||
|
||||