1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
| | Fix CVE-2016-8740 (mod_http2: properly crafted, endless HTTP/2 CONTINUATION
frames could be used to exhaust all server's memory.):
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8740
https://httpd.apache.org/security/vulnerabilities_24.html
Patched copied from upstream mailing list:
https://mail-archives.apache.org/mod_mbox/httpd-announce/201612.mbox/%3C1A097A43-7CCB-4BA1-861F-E0C7EEE83A4B%40apache.org%3E
Index: modules/http2/h2_stream.c
===================================================================
--- a/modules/http2/h2_stream.c (revision 1771866)
+++ b/modules/http2/h2_stream.c (working copy)
@@ -322,18 +322,18 @@
HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE);
}
}
- }
-
- if (h2_stream_is_scheduled(stream)) {
- return h2_request_add_trailer(stream->request, stream->pool,
- name, nlen, value, vlen);
- }
- else {
- if (!input_open(stream)) {
- return APR_ECONNRESET;
+
+ if (h2_stream_is_scheduled(stream)) {
+ return h2_request_add_trailer(stream->request, stream->pool,
+ name, nlen, value, vlen);
}
- return h2_request_add_header(stream->request, stream->pool,
- name, nlen, value, vlen);
+ else {
+ if (!input_open(stream)) {
+ return APR_ECONNRESET;
+ }
+ return h2_request_add_header(stream->request, stream->pool,
+ name, nlen, value, vlen);
+ }
}
}
|