!114 backport fix cve-2023-39325 for openEuler-20.03-LTS-SP4
From: @running-tortoise Reviewed-by: @wubijie123 Signed-off-by: @wubijie123
This commit is contained in:
openeuler-ci-bot
Gitee
commit
edb4e82870
131
0009-backport-fix-CVE-2023-39325.patch
Normal file
131
0009-backport-fix-CVE-2023-39325.patch
Normal file
@ -0,0 +1,131 @@
|
||||
From 31f47cbf4b06ae00b58ffa554706bbc26b17e948 Mon Sep 17 00:00:00 2001
|
||||
From: lvxiangcong <lvxiangcong@kylinos.cn>
|
||||
Date: Tue, 18 Feb 2025 16:22:42 +0800
|
||||
Subject: [PATCH] backport fix cve-2023-39325
|
||||
|
||||
---
|
||||
vendor/golang.org/x/net/http2/server.go | 68 +++++++++++++++++++++++--
|
||||
1 file changed, 65 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/vendor/golang.org/x/net/http2/server.go b/vendor/golang.org/x/net/http2/server.go
|
||||
index 5e01ce9ab..f447050c8 100644
|
||||
--- a/vendor/golang.org/x/net/http2/server.go
|
||||
+++ b/vendor/golang.org/x/net/http2/server.go
|
||||
@@ -521,9 +521,11 @@ type serverConn struct {
|
||||
advMaxStreams uint32 // our SETTINGS_MAX_CONCURRENT_STREAMS advertised the client
|
||||
curClientStreams uint32 // number of open streams initiated by the client
|
||||
curPushedStreams uint32 // number of open streams initiated by server push
|
||||
+ curHandlers uint32 // number of running handler goroutines
|
||||
maxClientStreamID uint32 // max ever seen from client (odd), or 0 if there have been no client requests
|
||||
maxPushPromiseID uint32 // ID of the last push promise (even), or 0 if there have been no pushes
|
||||
streams map[uint32]*stream
|
||||
+ unstartedHandlers []unstartedHandler
|
||||
initialStreamSendWindowSize int32
|
||||
maxFrameSize int32
|
||||
headerTableSize uint32
|
||||
@@ -895,6 +897,8 @@ func (sc *serverConn) serve() {
|
||||
return
|
||||
case gracefulShutdownMsg:
|
||||
sc.startGracefulShutdownInternal()
|
||||
+ case handlerDoneMsg:
|
||||
+ sc.handlerDone()
|
||||
default:
|
||||
panic("unknown timer")
|
||||
}
|
||||
@@ -940,6 +944,7 @@ var (
|
||||
idleTimerMsg = new(serverMessage)
|
||||
shutdownTimerMsg = new(serverMessage)
|
||||
gracefulShutdownMsg = new(serverMessage)
|
||||
+ handlerDoneMsg = new(serverMessage)
|
||||
)
|
||||
|
||||
func (sc *serverConn) onSettingsTimer() { sc.sendServeMsg(settingsTimerMsg) }
|
||||
@@ -1880,8 +1885,9 @@ func (sc *serverConn) processHeaders(f *MetaHeadersFrame) error {
|
||||
sc.conn.SetReadDeadline(time.Time{})
|
||||
}
|
||||
|
||||
- go sc.runHandler(rw, req, handler)
|
||||
- return nil
|
||||
+ //go sc.runHandler(rw, req, handler)
|
||||
+ //return sc.sch
|
||||
+ return sc.scheduleHandler(id,rw,req,handler)
|
||||
}
|
||||
|
||||
func (st *stream) processTrailerHeaders(f *MetaHeadersFrame) error {
|
||||
@@ -2124,8 +2130,64 @@ func (sc *serverConn) newWriterAndRequestNoBody(st *stream, rp requestParam) (*r
|
||||
return rw, req, nil
|
||||
}
|
||||
|
||||
+type unstartedHandler struct {
|
||||
+ streamID uint32
|
||||
+ rw *responseWriter
|
||||
+ req *http.Request
|
||||
+ handler func(http.ResponseWriter, *http.Request)
|
||||
+}
|
||||
+
|
||||
+// scheduleHandler starts a handler goroutine,
|
||||
+// or schedules one to start as soon as an existing handler finishes.
|
||||
+func (sc *serverConn) scheduleHandler(streamID uint32, rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) error {
|
||||
+ sc.serveG.check()
|
||||
+ maxHandlers := sc.advMaxStreams
|
||||
+ if sc.curHandlers < maxHandlers {
|
||||
+ sc.curHandlers++
|
||||
+ go sc.runHandler(rw, req, handler)
|
||||
+ return nil
|
||||
+ }
|
||||
+ if len(sc.unstartedHandlers) > int(4*sc.advMaxStreams) {
|
||||
+ //return sc.countError("too_many_early_resets", ConnectionError(ErrCodeEnhanceYourCalm))
|
||||
+ return ConnectionError(ErrCodeEnhanceYourCalm)
|
||||
+ }
|
||||
+ sc.unstartedHandlers = append(sc.unstartedHandlers, unstartedHandler{
|
||||
+ streamID: streamID,
|
||||
+ rw: rw,
|
||||
+ req: req,
|
||||
+ handler: handler,
|
||||
+ })
|
||||
+ return nil
|
||||
+}
|
||||
+
|
||||
+
|
||||
+func (sc *serverConn)handlerDone(){
|
||||
+ sc.serveG.check()
|
||||
+ sc.curHandlers--
|
||||
+ i := 0
|
||||
+ maxHandlers := sc.advMaxStreams
|
||||
+ for ; i < len(sc.unstartedHandlers); i++ {
|
||||
+ u := sc.unstartedHandlers[i]
|
||||
+ if sc.streams[u.streamID] == nil {
|
||||
+ // This stream was reset before its goroutine had a chance to start.
|
||||
+ continue
|
||||
+ }
|
||||
+ if sc.curHandlers >= maxHandlers {
|
||||
+ break
|
||||
+ }
|
||||
+ sc.curHandlers++
|
||||
+ go sc.runHandler(u.rw, u.req, u.handler)
|
||||
+ sc.unstartedHandlers[i] = unstartedHandler{} // don't retain references
|
||||
+ }
|
||||
+ sc.unstartedHandlers = sc.unstartedHandlers[i:]
|
||||
+ if len(sc.unstartedHandlers) == 0 {
|
||||
+ sc.unstartedHandlers = nil
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
// Run on its own goroutine.
|
||||
func (sc *serverConn) runHandler(rw *responseWriter, req *http.Request, handler func(http.ResponseWriter, *http.Request)) {
|
||||
+ defer sc.sendServeMsg(handlerDoneMsg)
|
||||
didPanic := true
|
||||
defer func() {
|
||||
rw.rws.stream.cancelCtx()
|
||||
@@ -2879,7 +2941,7 @@ func (sc *serverConn) startPush(msg *startPushRequest) {
|
||||
// Should not happen, since we've already validated msg.url.
|
||||
panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
|
||||
}
|
||||
-
|
||||
+ sc.curHandlers++
|
||||
go sc.runHandler(rw, req, sc.handler.ServeHTTP)
|
||||
return promisedID, nil
|
||||
}
|
||||
--
|
||||
2.25.1
|
||||
|
||||
11
etcd.spec
11
etcd.spec
@ -31,7 +31,7 @@ system.}
|
||||
%global gosupfiles integration/fixtures/* etcdserver/api/v2http/testdata/*
|
||||
|
||||
Name: etcd
|
||||
Release: 9
|
||||
Release: 10
|
||||
Summary: Distributed reliable key-value store for the most critical data of a distributed system
|
||||
|
||||
# Upstream license specification: Apache-2.0
|
||||
@ -52,7 +52,7 @@ Patch5: 0005-backport-fix-CVE-2022-41723.patch
|
||||
Patch6: 0006-backport-fix-CVE-2022-34038.patch
|
||||
Patch7: 0007-backport-fix-CVE-2023-32082.patch
|
||||
Patch8: 0008-backport-fix-CVE-2021-28235.patch
|
||||
|
||||
Patch9: 0009-backport-fix-CVE-2023-39325.patch
|
||||
BuildRequires: golang
|
||||
BuildRequires: python3-devel
|
||||
%{?systemd_requires}
|
||||
@ -75,6 +75,7 @@ Requires(pre): shadow-utils
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch9 -p1
|
||||
# For compatibility
|
||||
cp -aR etcdserver/api/snap snap
|
||||
cp -aR etcdserver/api/membership etcdserver/membership
|
||||
@ -160,6 +161,12 @@ getent passwd %{name} >/dev/null || useradd -r -g %{name} -d %{_sharedstatedir}/
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Feb 18 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-10
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-39325
|
||||
- SUG:NA
|
||||
- DESC: backport fix 2023-39325
|
||||
|
||||
* Mon Feb 17 2025 lvxiangcong<lvxiangcong@kylinos.cn> - 3.4.14-9
|
||||
- Type:CVE
|
||||
- CVE:CVE-2023-32082 CVE-2021-28235
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user