diff options
author | Martin Jansa <Martin.Jansa@gmail.com> | 2021-02-20 16:13:37 -0800 |
---|---|---|
committer | Martin Jansa <Martin.Jansa@gmail.com> | 2021-02-23 11:31:36 +0100 |
commit | 3a3a6c4e42d0b1c22d4e0d9cfd42d3e119972ce0 (patch) | |
tree | 23822e45398740c0421784c38abe3e7ba07f796d | |
parent | eeef16060d0373616e24668342b157fc973e1e96 (diff) | |
download | meta-openembedded-contrib-jansa/dunfell.tar.gz meta-openembedded-contrib-jansa/dunfell.tar.bz2 meta-openembedded-contrib-jansa/dunfell.zip |
nghttp2: Fix CVE-2020-11080.patch to applyjansa/dunfell
fixes:
Applying patch CVE-2020-11080.patch
patching file doc/CMakeLists.txt
patching file doc/Makefile.am
Hunk #1 FAILED at 69.
1 out of 1 hunk FAILED -- rejects in file doc/Makefile.am
patching file lib/includes/nghttp2/nghttp2.h
patching file lib/nghttp2_helper.c
patching file lib/nghttp2_option.c
patching file lib/nghttp2_option.h
patching file lib/nghttp2_session.c
Hunk #3 succeeded at 5694 (offset 31 lines).
Hunk #4 succeeded at 7470 (offset 29 lines).
patching file lib/nghttp2_session.h
patching file tests/main.c
Hunk #1 succeeded at 315 (offset -2 lines).
patching file tests/nghttp2_session_test.c
Hunk #1 succeeded at 10558 (offset -56 lines).
patching file tests/nghttp2_session_test.h
Patch CVE-2020-11080.patch does not apply (enforce with -f)
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r-- | meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch | 66 |
1 files changed, 33 insertions, 33 deletions
diff --git a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch index 5cf2e872f4..83a1074191 100644 --- a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch +++ b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080.patch @@ -1,11 +1,11 @@ -From 336a98feb0d56b9ac54e12736b18785c27f75090 Mon Sep 17 00:00:00 2001 +From 0e3ddf72a648c5909eef3486432f70ba15089f13 Mon Sep 17 00:00:00 2001 From: James M Snell <jasnell@gmail.com> Date: Fri, 17 Apr 2020 16:53:51 -0700 Subject: [PATCH] Implement max settings option CVE: CVE-2020-11080 Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090] -Comment: No hunks refreshed +Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> --- doc/CMakeLists.txt | 1 + doc/Makefile.am | 1 + @@ -21,7 +21,7 @@ Comment: No hunks refreshed 11 files changed, 124 insertions(+) diff --git a/doc/CMakeLists.txt b/doc/CMakeLists.txt -index 34c027929..f3aec84da 100644 +index 34c02792..f3aec84d 100644 --- a/doc/CMakeLists.txt +++ b/doc/CMakeLists.txt @@ -42,6 +42,7 @@ set(APIDOCS @@ -33,25 +33,25 @@ index 34c027929..f3aec84da 100644 nghttp2_priority_spec_check_default.rst nghttp2_priority_spec_default_init.rst diff --git a/doc/Makefile.am b/doc/Makefile.am -index 4d73cef50..f073bfa4c 100644 +index 4d73cef5..f073bfa4 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -69,6 +69,7 @@ APIDOCS= \ - nghttp2_option_set_peer_max_concurrent_streams.rst \ - nghttp2_option_set_user_recv_extension_type.rst \ - nghttp2_option_set_max_outbound_ack.rst \ -+ nghttp2_option_set_max_settings.rst \ - nghttp2_pack_settings_payload.rst \ - nghttp2_priority_spec_check_default.rst \ - nghttp2_priority_spec_default_init.rst \ + nghttp2_option_set_peer_max_concurrent_streams.rst \ + nghttp2_option_set_user_recv_extension_type.rst \ + nghttp2_option_set_max_outbound_ack.rst \ ++ nghttp2_option_set_max_settings.rst \ + nghttp2_pack_settings_payload.rst \ + nghttp2_priority_spec_check_default.rst \ + nghttp2_priority_spec_default_init.rst \ diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h -index e3aeb9fed..9be6eea5c 100644 +index e3aeb9fe..9be6eea5 100644 --- a/lib/includes/nghttp2/nghttp2.h +++ b/lib/includes/nghttp2/nghttp2.h @@ -228,6 +228,13 @@ typedef struct { */ #define NGHTTP2_CLIENT_MAGIC_LEN 24 - + +/** + * @macro + * @@ -77,7 +77,7 @@ index e3aeb9fed..9be6eea5c 100644 @@ -2659,6 +2671,17 @@ NGHTTP2_EXTERN void nghttp2_option_set_no_closed_streams(nghttp2_option *option, NGHTTP2_EXTERN void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, size_t val); - + +/** + * @function + * @@ -93,7 +93,7 @@ index e3aeb9fed..9be6eea5c 100644 * @function * diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c -index 91136a619..0bd541472 100644 +index 91136a61..0bd54147 100644 --- a/lib/nghttp2_helper.c +++ b/lib/nghttp2_helper.c @@ -334,6 +334,8 @@ const char *nghttp2_strerror(int error_code) { @@ -106,7 +106,7 @@ index 91136a619..0bd541472 100644 return "Unknown error code"; } diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c -index e53f22d36..34348e660 100644 +index e53f22d3..34348e66 100644 --- a/lib/nghttp2_option.c +++ b/lib/nghttp2_option.c @@ -121,3 +121,8 @@ void nghttp2_option_set_max_outbound_ack(nghttp2_option *option, size_t val) { @@ -119,7 +119,7 @@ index e53f22d36..34348e660 100644 + option->max_settings = val; +} diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h -index 1f740aaa6..939729fdc 100644 +index 1f740aaa..939729fd 100644 --- a/lib/nghttp2_option.h +++ b/lib/nghttp2_option.h @@ -67,6 +67,7 @@ typedef enum { @@ -128,7 +128,7 @@ index 1f740aaa6..939729fdc 100644 NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11, + NGHTTP2_OPT_MAX_SETTINGS = 1 << 12, } nghttp2_option_flag; - + /** @@ -85,6 +86,10 @@ struct nghttp2_option { * NGHTTP2_OPT_MAX_OUTBOUND_ACK @@ -142,15 +142,15 @@ index 1f740aaa6..939729fdc 100644 * Bitwise OR of nghttp2_option_flag to determine that which fields * are specified. diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c -index 563ccd7de..415e34776 100644 +index 9df3d6f3..470576da 100644 --- a/lib/nghttp2_session.c +++ b/lib/nghttp2_session.c @@ -458,6 +458,7 @@ static int session_new(nghttp2_session **session_ptr, - + (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN; (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM; + (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS; - + if (option) { if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) && @@ -521,6 +522,11 @@ static int session_new(nghttp2_session **session_ptr, @@ -163,12 +163,12 @@ index 563ccd7de..415e34776 100644 + (*session_ptr)->max_settings = option->max_settings; + } } - + rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, -@@ -5657,6 +5663,16 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, +@@ -5688,6 +5694,16 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in, iframe->max_niv = iframe->frame.hd.length / NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH + 1; - + + if (iframe->max_niv - 1 > session->max_settings) { + rv = nghttp2_session_terminate_session_with_reason( + session, NGHTTP2_ENHANCE_YOUR_CALM, @@ -181,8 +181,8 @@ index 563ccd7de..415e34776 100644 + iframe->iv = nghttp2_mem_malloc(mem, sizeof(nghttp2_settings_entry) * iframe->max_niv); - -@@ -7425,6 +7441,11 @@ static int nghttp2_session_upgrade_internal(nghttp2_session *session, + +@@ -7454,6 +7470,11 @@ static int nghttp2_session_upgrade_internal(nghttp2_session *session, if (settings_payloadlen % NGHTTP2_FRAME_SETTINGS_ENTRY_LENGTH) { return NGHTTP2_ERR_INVALID_ARGUMENT; } @@ -195,7 +195,7 @@ index 563ccd7de..415e34776 100644 settings_payloadlen, mem); if (rv != 0) { diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h -index d20827315..07bfbb6c9 100644 +index 90ead9c0..0cd51815 100644 --- a/lib/nghttp2_session.h +++ b/lib/nghttp2_session.h @@ -267,6 +267,8 @@ struct nghttp2_session { @@ -208,10 +208,10 @@ index d20827315..07bfbb6c9 100644 uint32_t next_stream_id; /* The last stream ID this session initiated. For client session, diff --git a/tests/main.c b/tests/main.c -index 41e0b03eb..67eb4a1c2 100644 +index 46e9b1cb..e1e75689 100644 --- a/tests/main.c +++ b/tests/main.c -@@ -317,6 +317,8 @@ int main() { +@@ -315,6 +315,8 @@ int main() { test_nghttp2_session_set_local_window_size) || !CU_add_test(pSuite, "session_cancel_from_before_frame_send", test_nghttp2_session_cancel_from_before_frame_send) || @@ -221,13 +221,13 @@ index 41e0b03eb..67eb4a1c2 100644 test_nghttp2_session_removed_closed_stream) || !CU_add_test(pSuite, "session_pause_data", diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c -index 6eb8e244d..33ee3ad84 100644 +index b366a6aa..cefe27a6 100644 --- a/tests/nghttp2_session_test.c +++ b/tests/nghttp2_session_test.c -@@ -10614,6 +10614,67 @@ void test_nghttp2_session_cancel_from_before_frame_send(void) { +@@ -10558,6 +10558,67 @@ void test_nghttp2_session_cancel_from_before_frame_send(void) { nghttp2_session_del(session); } - + +void test_nghttp2_session_too_many_settings(void) { + nghttp2_session *session; + nghttp2_option *option; @@ -293,7 +293,7 @@ index 6eb8e244d..33ee3ad84 100644 prepare_session_removed_closed_stream(nghttp2_session *session, nghttp2_hd_deflater *deflater) { diff --git a/tests/nghttp2_session_test.h b/tests/nghttp2_session_test.h -index e872c5d0b..818c808d0 100644 +index e872c5d0..818c808d 100644 --- a/tests/nghttp2_session_test.h +++ b/tests/nghttp2_session_test.h @@ -156,6 +156,7 @@ void test_nghttp2_session_repeated_priority_change(void); |