forked from openresty/openresty
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
bugfix: applied the patch for secrity advisory to NGINX cores (CVE-20…
- Loading branch information
Johnny Wang
authored
Oct 18, 2023
1 parent
d086dbc
commit 2f97ded
Showing
2 changed files
with
61 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| diff --git a/src/http/v2/ngx_http_v2.c b/src/http/v2/ngx_http_v2.c | ||
| --- a/src/http/v2/ngx_http_v2.c | ||
| +++ b/src/http/v2/ngx_http_v2.c | ||
| @@ -347,6 +347,7 @@ ngx_http_v2_read_handler(ngx_event_t *re | ||
| ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http2 read handler"); | ||
|
|
||
| h2c->blocked = 1; | ||
| + h2c->new_streams = 0; | ||
|
|
||
| if (c->close) { | ||
| c->close = 0; | ||
| @@ -1284,6 +1285,14 @@ ngx_http_v2_state_headers(ngx_http_v2_co | ||
| goto rst_stream; | ||
| } | ||
|
|
||
| + if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) { | ||
| + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | ||
| + "client sent too many streams at once"); | ||
| + | ||
| + status = NGX_HTTP_V2_REFUSED_STREAM; | ||
| + goto rst_stream; | ||
| + } | ||
| + | ||
| if (!h2c->settings_ack | ||
| && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG) | ||
| && h2scf->preread_size < NGX_HTTP_V2_DEFAULT_WINDOW) | ||
| @@ -1349,6 +1358,12 @@ ngx_http_v2_state_headers(ngx_http_v2_co | ||
|
|
||
| rst_stream: | ||
|
|
||
| + if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) { | ||
| + ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0, | ||
| + "client sent too many refused streams"); | ||
| + return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR); | ||
| + } | ||
| + | ||
| if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) { | ||
| return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_INTERNAL_ERROR); | ||
| } | ||
| diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h | ||
| --- a/src/http/v2/ngx_http_v2.h | ||
| +++ b/src/http/v2/ngx_http_v2.h | ||
| @@ -131,6 +131,8 @@ struct ngx_http_v2_connection_s { | ||
| ngx_uint_t processing; | ||
| ngx_uint_t frames; | ||
| ngx_uint_t idle; | ||
| + ngx_uint_t new_streams; | ||
| + ngx_uint_t refused_streams; | ||
| ngx_uint_t priority_limit; | ||
|
|
||
| size_t send_window; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters