packages/nghttp2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: packages:c3e26b3591e855b2fcab76ac24188dcb83f38d0c
Branches Tags
packages:main
...
compare: packages:9eff89b52a4be963bbf4b9774cf1b70887b3a46c
Branches Tags
packages:main

10 Commits
c3e26b3591 ... 9eff89b52a

Author SHA1 Message Date
openeuler-ci-bot
9eff89b52a
!50 fix CVE-2024-28182 
From: @ultra_planet 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2024-04-07 08:51:54 +00:00
lingsheng
0ea632fda7 fix CVE-2024-28182 2024-04-07 06:13:03 +00:00
openeuler-ci-bot
d102dafae0
!46 fix CVE-2023-44487 
From: @XWwalker 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
 2023-10-24 02:20:23 +00:00
xingwei
48e495b37c fix CVE-2023-44487 2023-10-23 12:03:02 +00:00
openeuler-ci-bot
5485e19a31
!33 fix CVE-2023-35945 
From: @yeah_wang 
Reviewed-by: @sunsuwan 
Signed-off-by: @sunsuwan
 2023-07-17 07:27:57 +00:00
wang ye
1e62833678 nghttp2: fix CVE-2023-35945 
Signed-off-by: wang ye <wangye91@h-partners.com>
 2023-07-15 07:16:24 +00:00
openeuler-ci-bot
4272b7cc0d
!21 Replace the use of strtoul and strtol with parse_uint 
From: @XWwalker 
Reviewed-by: @seuzw 
Signed-off-by: @seuzw
 2022-09-02 08:38:39 +00:00
XWwalker
ac75a7edd4 replace the use of strtoul and strol with parse_uint 2022-09-02 16:27:15 +08:00
openeuler-ci-bot
24add8fe86 !6 remove cunit-devel dependency 
From: @eaglegai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
 2021-01-21 09:50:41 +08:00
eaglegai
2dc1c705fd remove cunit-devel dependency 2021-01-15 16:47:43 +08:00
7 changed files with 1839 additions and 2 deletions
Show Stats Expand all files Collapse all files

143
backport-CVE-2023-35945.patch Normal file
View File

@ -0,0 +1,143 @@
From ce385d3f55a4b76da976b3bdf71fe2deddf315ba Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Fri, 14 Jul 2023 20:52:03 +0900
Subject: [PATCH] Fix memory leak
This commit fixes memory leak that happens when PUSH_PROMISE or
HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback
fails with a fatal error. For example, if GOAWAY frame has been
received, a HEADERS frame that opens new stream cannot be sent.
This issue has already been made public via CVE-2023-35945 [1] issued
by envoyproxy/envoy project. During embargo period, the patch to fix
this bug was accidentally submitted to nghttp2/nghttp2 repository [2].
And they decided to disclose CVE early. I was notified just 1.5 hours
before disclosure. I had no time to respond.
PoC described in [1] is quite simple, but I think it is not enough to
trigger this bug. While it is true that receiving GOAWAY prevents a
client from opening new stream, and nghttp2 enters error handling
branch, in order to cause the memory leak,
nghttp2_session_close_stream function must return a fatal error.
nghttp2 defines 2 fatal error codes:
- NGHTTP2_ERR_NOMEM
- NGHTTP2_ERR_CALLBACK_FAILURE
NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It
is unlikely that a process gets short of memory with this simple PoC
scenario unless application does something memory heavy processing.
NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined
callback function (nghttp2_on_stream_close_callback, in this case),
which indicates something fatal happened inside a callback, and a
connection must be closed immediately without any further action. As
nghttp2_on_stream_close_error_callback documentation says, any error
code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code. More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated
into NGHTTP2_ERR_CALLBACK_FAILURE.
[1] https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
[2] https://github.com/nghttp2/nghttp2/pull/1929
---
lib/nghttp2_session.c | 10 +++++-----
tests/nghttp2_session_test.c | 34 ++++++++++++++++++++++++++++++++++
2 files changed, 39 insertions(+), 5 deletions(-)
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index 7509ceb5c6..71858a39e0 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -3296,6 +3296,7 @@ static ssize_t nghttp2_session_mem_send_internal(nghttp2_session *session,
if (rv < 0) {
int32_t opened_stream_id = 0;
uint32_t error_code = NGHTTP2_INTERNAL_ERROR;
+ int rv2 = 0;
DEBUGF("send: frame preparation failed with %s\n",
nghttp2_strerror(rv));
@@ -3338,19 +3339,18 @@ static ssize_t nghttp2_session_mem_send_internal(nghttp2_session *session,
}
if (opened_stream_id) {
/* careful not to override rv */
- int rv2;
rv2 = nghttp2_session_close_stream(session, opened_stream_id,
error_code);
-
- if (nghttp2_is_fatal(rv2)) {
- return rv2;
- }
}
nghttp2_outbound_item_free(item, mem);
nghttp2_mem_free(mem, item);
active_outbound_item_reset(aob, mem);
+ if (nghttp2_is_fatal(rv2)) {
+ return rv2;
+ }
+
if (rv == NGHTTP2_ERR_HEADER_COMP) {
/* If header compression error occurred, should terminiate
connection. */
diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c
index b55ff53443..74352426c1 100644
--- a/tests/nghttp2_session_test.c
+++ b/tests/nghttp2_session_test.c
@@ -584,6 +584,15 @@ static int on_stream_close_callback(nghttp2_session *session, int32_t stream_id,
return 0;
}
+static int fatal_error_on_stream_close_callback(nghttp2_session *session,
+ int32_t stream_id,
+ uint32_t error_code,
+ void *user_data) {
+ on_stream_close_callback(session, stream_id, error_code, user_data);
+
+ return NGHTTP2_ERR_CALLBACK_FAILURE;
+}
+
static ssize_t pack_extension_callback(nghttp2_session *session, uint8_t *buf,
size_t len, const nghttp2_frame *frame,
void *user_data) {
@@ -4296,6 +4305,8 @@ void test_nghttp2_session_on_goaway_received(void) {
nghttp2_frame frame;
int i;
nghttp2_mem *mem;
+ const uint8_t *data;
+ ssize_t datalen;
mem = nghttp2_mem_default();
user_data.frame_recv_cb_called = 0;
@@ -4337,6 +4348,29 @@ void test_nghttp2_session_on_goaway_received(void) {
nghttp2_frame_goaway_free(&frame.goaway, mem);
nghttp2_session_del(session);
+
+ /* Make sure that no memory leak when stream_close callback fails
+ with a fatal error */
+ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks));
+ callbacks.on_stream_close_callback = fatal_error_on_stream_close_callback;
+
+ memset(&user_data, 0, sizeof(user_data));
+
+ nghttp2_session_client_new(&session, &callbacks, &user_data);
+
+ nghttp2_frame_goaway_init(&frame.goaway, 0, NGHTTP2_NO_ERROR, NULL, 0);
+
+ CU_ASSERT(0 == nghttp2_session_on_goaway_received(session, &frame));
+
+ nghttp2_submit_request(session, NULL, reqnv, ARRLEN(reqnv), NULL, NULL);
+
+ datalen = nghttp2_session_mem_send(session, &data);
+
+ CU_ASSERT(NGHTTP2_ERR_CALLBACK_FAILURE == datalen);
+ CU_ASSERT(1 == user_data.stream_close_cb_called);
+
+ nghttp2_frame_goaway_free(&frame.goaway, mem);
+ nghttp2_session_del(session);
}
void test_nghttp2_session_on_window_update_received(void) {

975
backport-CVE-2023-44487.patch Normal file
View File

@ -0,0 +1,975 @@
From 72b4af6143681f528f1d237b21a9a7aee1738832 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sun, 1 Oct 2023 00:05:01 +0900
Subject: [PATCH] Rework session management
Conflict:remove .github/workflows/build.yml
Reference:https://github.com/nghttp2/nghttp2/commit/72b4af6143681f528f1d237b21a9a7aee1738832
---
CMakeLists.txt | 4 ++
cmakeconfig.h.in | 9 +++
configure.ac | 21 +++++++
doc/Makefile.am | 1 +
lib/CMakeLists.txt | 2 +
lib/Makefile.am | 4 ++
lib/includes/nghttp2/nghttp2.h | 17 ++++++
lib/nghttp2_option.c | 7 +++
lib/nghttp2_option.h | 6 ++
lib/nghttp2_ratelim.c | 75 ++++++++++++++++++++++++
lib/nghttp2_ratelim.h | 57 ++++++++++++++++++
lib/nghttp2_session.c | 34 ++++++++++-
lib/nghttp2_session.h | 12 +++-
lib/nghttp2_time.c | 62 ++++++++++++++++++++
lib/nghttp2_time.h | 38 ++++++++++++
tests/CMakeLists.txt | 1 +
tests/Makefile.am | 6 +-
tests/main.c | 7 ++-
tests/nghttp2_ratelim_test.c | 101 ++++++++++++++++++++++++++++++++
tests/nghttp2_ratelim_test.h | 35 +++++++++++
tests/nghttp2_session_test.c | 103 +++++++++++++++++++++++++++++++++
tests/nghttp2_session_test.h | 1 +
22 files changed, 598 insertions(+), 5 deletions(-)
create mode 100644 lib/nghttp2_ratelim.c
create mode 100644 lib/nghttp2_ratelim.h
create mode 100644 lib/nghttp2_time.c
create mode 100644 lib/nghttp2_time.h
create mode 100644 tests/nghttp2_ratelim_test.c
create mode 100644 tests/nghttp2_ratelim_test.h
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 69c2c7b..b04d512 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -264,6 +264,7 @@ check_include_file("netinet/in.h" HAVE_NETINET_IN_H)
check_include_file("pwd.h" HAVE_PWD_H)
check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H)
check_include_file("sys/time.h" HAVE_SYS_TIME_H)
+check_include_file("sysinfoapi.h" HAVE_SYSINFOAPI_H)
check_include_file("syslog.h" HAVE_SYSLOG_H)
check_include_file("time.h" HAVE_TIME_H)
check_include_file("unistd.h" HAVE_UNISTD_H)
@@ -304,8 +305,11 @@ check_type_size("time_t" SIZEOF_TIME_T)
include(CheckFunctionExists)
check_function_exists(_Exit HAVE__EXIT)
check_function_exists(accept4 HAVE_ACCEPT4)
+check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
check_function_exists(mkostemp HAVE_MKOSTEMP)
+check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64)
+
include(CheckSymbolExists)
# XXX does this correctly detect initgroups (un)availability on cygwin?
check_symbol_exists(initgroups grp.h HAVE_DECL_INITGROUPS)
diff --git a/cmakeconfig.h.in b/cmakeconfig.h.in
index d67b540..4065029 100644
--- a/cmakeconfig.h.in
+++ b/cmakeconfig.h.in
@@ -34,9 +34,15 @@
/* Define to 1 if you have the `accept4` function. */
#cmakedefine HAVE_ACCEPT4 1
+/* Define to 1 if you have the `clock_gettime` function. */
+#cmakedefine HAVE_CLOCK_GETTIME 1
+
/* Define to 1 if you have the `mkostemp` function. */
#cmakedefine HAVE_MKOSTEMP 1
+/* Define to 1 if you have the `GetTickCount64` function. */
+#cmakedefine HAVE_GETTICKCOUNT64 1
+
/* Define to 1 if you have the `initgroups` function. */
#cmakedefine01 HAVE_DECL_INITGROUPS
@@ -73,6 +79,9 @@
/* Define to 1 if you have the <sys/time.h> header file. */
#cmakedefine HAVE_SYS_TIME_H 1
+/* Define to 1 if you have the <sysinfoapi.h> header file. */
+#cmakedefine HAVE_SYSINFOAPI_H 1
+
/* Define to 1 if you have the <syslog.h> header file. */
#cmakedefine HAVE_SYSLOG_H 1
diff --git a/configure.ac b/configure.ac
index 961b78d..db9ec7c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -607,6 +607,7 @@ AC_CHECK_HEADERS([ \
string.h \
sys/socket.h \
sys/time.h \
+ sysinfoapi.h \
syslog.h \
time.h \
unistd.h \
@@ -681,6 +682,7 @@ AC_FUNC_STRNLEN
AC_CHECK_FUNCS([ \
_Exit \
accept4 \
+ clock_gettime \
dup2 \
getcwd \
getpwnam \
@@ -706,6 +708,25 @@ AC_CHECK_FUNCS([ \
AC_CHECK_FUNC([timerfd_create],
[have_timerfd_create=yes], [have_timerfd_create=no])
+AC_MSG_CHECKING([checking for GetTickCount64])
+AC_LINK_IFELSE([AC_LANG_PROGRAM(
+[[
+#include <sysinfoapi.h>
+]],
+[[
+GetTickCount64();
+]])],
+[have_gettickcount64=yes],
+[have_gettickcount64=no])
+
+if test "x${have_gettickcount64}" = "xyes"; then
+ AC_MSG_RESULT([yes])
+ AC_DEFINE([HAVE_GETTICKCOUNT64], [1],
+ [Define to 1 if you have `GetTickCount64` function.])
+else
+ AC_MSG_RESULT([no])
+fi
+
# For cygwin: we can link initgroups, so AC_CHECK_FUNCS succeeds, but
# cygwin disables initgroups due to feature test macro magic with our
# configuration. FreeBSD declares initgroups() in unistd.h.
diff --git a/doc/Makefile.am b/doc/Makefile.am
index f073bfa..40a0011 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -70,6 +70,7 @@ APIDOCS= \
nghttp2_option_set_user_recv_extension_type.rst \
nghttp2_option_set_max_outbound_ack.rst \
nghttp2_option_set_max_settings.rst \
+ nghttp2_option_set_stream_reset_rate_limit.rst \
nghttp2_pack_settings_payload.rst \
nghttp2_priority_spec_check_default.rst \
nghttp2_priority_spec_default_init.rst \
diff --git a/lib/CMakeLists.txt b/lib/CMakeLists.txt
index 4dc2fcd..26e843d 100644
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -23,6 +23,8 @@ set(NGHTTP2_SOURCES
nghttp2_mem.c
nghttp2_http.c
nghttp2_rcbuf.c
+ nghttp2_ratelim.c
+ nghttp2_time.c
nghttp2_debug.c
)
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 24a5bd6..595714d 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -49,6 +49,8 @@ OBJECTS = nghttp2_pq.c nghttp2_map.c nghttp2_queue.c \
nghttp2_mem.c \
nghttp2_http.c \
nghttp2_rcbuf.c \
+ nghttp2_ratelim.c \
+ nghttp2_time.c \
nghttp2_debug.c
HFILES = nghttp2_pq.h nghttp2_int.h nghttp2_map.h nghttp2_queue.h \
@@ -65,6 +67,8 @@ HFILES = nghttp2_pq.h nghttp2_int.h nghttp2_map.h nghttp2_queue.h \
nghttp2_mem.h \
nghttp2_http.h \
nghttp2_rcbuf.h \
+ nghttp2_ratelim.h \
+ nghttp2_time.h \
nghttp2_debug.h
libnghttp2_la_SOURCES = $(HFILES) $(OBJECTS)
diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
index 9be6eea..f0b9f17 100644
--- a/lib/includes/nghttp2/nghttp2.h
+++ b/lib/includes/nghttp2/nghttp2.h
@@ -2760,6 +2760,23 @@ nghttp2_session_client_new2(nghttp2_session **session_ptr,
const nghttp2_session_callbacks *callbacks,
void *user_data, const nghttp2_option *option);
+/**
+ * @function
+ *
+ * This function sets the rate limit for the incoming stream reset
+ * (RST_STREAM frame). It is server use only. It is a token-bucket
+ * based rate limiter. |burst| specifies the number of tokens that is
+ * initially available. The maximum number of tokens is capped to
+ * this value. |rate| specifies the number of tokens that are
+ * regenerated per second. An incoming RST_STREAM consumes one token.
+ * If there is no token available, GOAWAY is sent to tear down the
+ * connection. |burst| and |rate| default to 1000 and 33
+ * respectively.
+ */
+NGHTTP2_EXTERN void
+nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+ uint64_t burst, uint64_t rate);
+
/**
* @function
*
diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c
index 34348e6..0d9a404 100644
--- a/lib/nghttp2_option.c
+++ b/lib/nghttp2_option.c
@@ -126,3 +126,10 @@ void nghttp2_option_set_max_settings(nghttp2_option *option, size_t val) {
option->opt_set_mask |= NGHTTP2_OPT_MAX_SETTINGS;
option->max_settings = val;
}
+
+void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+ uint64_t burst, uint64_t rate) {
+ option->opt_set_mask |= NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT;
+ option->stream_reset_burst = burst;
+ option->stream_reset_rate = rate;
+}
diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h
index 939729f..e6ba910 100644
--- a/lib/nghttp2_option.h
+++ b/lib/nghttp2_option.h
@@ -68,12 +68,18 @@ typedef enum {
NGHTTP2_OPT_NO_CLOSED_STREAMS = 1 << 10,
NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11,
NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
+ NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
} nghttp2_option_flag;
/**
* Struct to store option values for nghttp2_session.
*/
struct nghttp2_option {
+ /**
+ * NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT
+ */
+ uint64_t stream_reset_burst;
+ uint64_t stream_reset_rate;
/**
* NGHTTP2_OPT_MAX_SEND_HEADER_BLOCK_LENGTH
*/
diff --git a/lib/nghttp2_ratelim.c b/lib/nghttp2_ratelim.c
new file mode 100644
index 0000000..7011655
--- /dev/null
+++ b/lib/nghttp2_ratelim.c
@@ -0,0 +1,75 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "nghttp2_ratelim.h"
+#include "nghttp2_helper.h"
+
+void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate) {
+ rl->val = rl->burst = burst;
+ rl->rate = rate;
+ rl->tstamp = 0;
+}
+
+void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp) {
+ uint64_t d, gain;
+
+ if (tstamp == rl->tstamp) {
+ return;
+ }
+
+ if (tstamp > rl->tstamp) {
+ d = tstamp - rl->tstamp;
+ } else {
+ d = 1;
+ }
+
+ rl->tstamp = tstamp;
+
+ if (UINT64_MAX / d < rl->rate) {
+ rl->val = rl->burst;
+
+ return;
+ }
+
+ gain = rl->rate * d;
+
+ if (UINT64_MAX - gain < rl->val) {
+ rl->val = rl->burst;
+
+ return;
+ }
+
+ rl->val += gain;
+ rl->val = nghttp2_min(rl->val, rl->burst);
+}
+
+int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n) {
+ if (rl->val < n) {
+ return -1;
+ }
+
+ rl->val -= n;
+
+ return 0;
+}
diff --git a/lib/nghttp2_ratelim.h b/lib/nghttp2_ratelim.h
new file mode 100644
index 0000000..866ed3f
--- /dev/null
+++ b/lib/nghttp2_ratelim.h
@@ -0,0 +1,57 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGHTTP2_RATELIM_H
+#define NGHTTP2_RATELIM_H
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <nghttp2/nghttp2.h>
+
+typedef struct nghttp2_ratelim {
+ /* burst is the maximum value of val. */
+ uint64_t burst;
+ /* rate is the amount of value that is regenerated per 1 tstamp. */
+ uint64_t rate;
+ /* val is the amount of value available to drain. */
+ uint64_t val;
+ /* tstamp is the last timestamp in second resolution that is known
+ to this object. */
+ uint64_t tstamp;
+} nghttp2_ratelim;
+
+/* nghttp2_ratelim_init initializes |rl| with the given parameters. */
+void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate);
+
+/* nghttp2_ratelim_update updates rl->val with the current |tstamp|
+ given in second resolution. */
+void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp);
+
+/* nghttp2_ratelim_drain drains |n| from rl->val. It returns 0 if it
+ succeeds, or -1. */
+int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n);
+
+#endif /* NGHTTP2_RATELIM_H */
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index d877d01..2f83870 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -36,6 +36,7 @@
#include "nghttp2_option.h"
#include "nghttp2_http.h"
#include "nghttp2_pq.h"
+#include "nghttp2_time.h"
#include "nghttp2_debug.h"
/*
@@ -443,6 +444,10 @@ static int session_new(nghttp2_session **session_ptr,
NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS;
(*session_ptr)->pending_enable_push = 1;
+ nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim,
+ NGHTTP2_DEFAULT_STREAM_RESET_BURST,
+ NGHTTP2_DEFAULT_STREAM_RESET_RATE);
+
if (server) {
(*session_ptr)->server = 1;
}
@@ -527,6 +532,12 @@ static int session_new(nghttp2_session **session_ptr,
option->max_settings) {
(*session_ptr)->max_settings = option->max_settings;
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT) {
+ nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim,
+ option->stream_reset_burst,
+ option->stream_reset_rate);
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
@@ -4142,6 +4153,23 @@ static int session_process_priority_frame(nghttp2_session *session) {
return nghttp2_session_on_priority_received(session, frame);
}
+static int session_update_stream_reset_ratelim(nghttp2_session *session) {
+ if (!session->server || (session->goaway_flags & NGHTTP2_GOAWAY_SUBMITTED)) {
+ return 0;
+ }
+
+ nghttp2_ratelim_update(&session->stream_reset_ratelim,
+ nghttp2_time_now_sec());
+
+ if (nghttp2_ratelim_drain(&session->stream_reset_ratelim, 1) == 0) {
+ return 0;
+ }
+
+ return nghttp2_session_add_goaway(session, session->last_recv_stream_id,
+ NGHTTP2_INTERNAL_ERROR, NULL, 0,
+ NGHTTP2_GOAWAY_AUX_NONE);
+}
+
int nghttp2_session_on_rst_stream_received(nghttp2_session *session,
nghttp2_frame *frame) {
int rv;
@@ -4171,7 +4199,8 @@ int nghttp2_session_on_rst_stream_received(nghttp2_session *session,
if (nghttp2_is_fatal(rv)) {
return rv;
}
- return 0;
+
+ return session_update_stream_reset_ratelim(session);
}
static int session_process_rst_stream_frame(nghttp2_session *session) {
@@ -6942,6 +6971,9 @@ int nghttp2_session_add_goaway(nghttp2_session *session, int32_t last_stream_id,
nghttp2_mem_free(mem, item);
return rv;
}
+
+ session->goaway_flags |= NGHTTP2_GOAWAY_SUBMITTED;
+
return 0;
}
diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h
index 07bfbb6..9d42992 100644
--- a/lib/nghttp2_session.h
+++ b/lib/nghttp2_session.h
@@ -39,6 +39,7 @@
#include "nghttp2_buf.h"
#include "nghttp2_callbacks.h"
#include "nghttp2_mem.h"
+#include "nghttp2_ratelim.h"
/* The global variable for tests where we want to disable strict
preface handling. */
@@ -102,6 +103,10 @@ typedef struct {
/* The default value of maximum number of concurrent streams. */
#define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu
+/* The default values for stream reset rate limiter. */
+#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
+#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -176,7 +181,9 @@ typedef enum {
/* Flag means GOAWAY was sent */
NGHTTP2_GOAWAY_SENT = 0x4,
/* Flag means GOAWAY was received */
- NGHTTP2_GOAWAY_RECV = 0x8
+ NGHTTP2_GOAWAY_RECV = 0x8,
+ /* Flag means GOAWAY has been submitted at least once */
+ NGHTTP2_GOAWAY_SUBMITTED = 0x10
} nghttp2_goaway_flag;
/* nghttp2_inflight_settings stores the SETTINGS entries which local
@@ -227,6 +234,9 @@ struct nghttp2_session {
/* Queue of In-flight SETTINGS values. SETTINGS bearing ACK is not
considered as in-flight. */
nghttp2_inflight_settings *inflight_settings_head;
+ /* Stream reset rate limiter. If receiving excessive amount of
+ stream resets, GOAWAY will be sent. */
+ nghttp2_ratelim stream_reset_ratelim;
/* The number of outgoing streams. This will be capped by
remote_settings.max_concurrent_streams. */
size_t num_outgoing_streams;
diff --git a/lib/nghttp2_time.c b/lib/nghttp2_time.c
new file mode 100644
index 0000000..2a5f1a6
--- /dev/null
+++ b/lib/nghttp2_time.c
@@ -0,0 +1,62 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "nghttp2_time.h"
+
+#ifdef HAVE_TIME_H
+# include <time.h>
+#endif /* HAVE_TIME_H */
+
+#ifdef HAVE_SYSINFOAPI_H
+# include <sysinfoapi.h>
+#endif /* HAVE_SYSINFOAPI_H */
+
+#ifndef HAVE_GETTICKCOUNT64
+static uint64_t time_now_sec(void) {
+ time_t t = time(NULL);
+
+ if (t == -1) {
+ return 0;
+ }
+
+ return (uint64_t)t;
+}
+#endif /* HAVE_GETTICKCOUNT64 */
+
+#ifdef HAVE_CLOCK_GETTIME
+uint64_t nghttp2_time_now_sec(void) {
+ struct timespec tp;
+ int rv = clock_gettime(CLOCK_MONOTONIC, &tp);
+
+ if (rv == -1) {
+ return time_now_sec();
+ }
+
+ return (uint64_t)tp.tv_sec;
+}
+#elif defined(HAVE_GETTICKCOUNT64)
+uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; }
+#else /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */
+uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); }
+#endif /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */
diff --git a/lib/nghttp2_time.h b/lib/nghttp2_time.h
new file mode 100644
index 0000000..03c0bbe
--- /dev/null
+++ b/lib/nghttp2_time.h
@@ -0,0 +1,38 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGHTTP2_TIME_H
+#define NGHTTP2_TIME_H
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+#include <nghttp2/nghttp2.h>
+
+/* nghttp2_time_now_sec returns seconds from implementation-specific
+ timepoint. If it is unable to get seconds, it returns 0. */
+uint64_t nghttp2_time_now_sec(void);
+
+#endif /* NGHTTP2_TIME_H */
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 4250ac3..344c542 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -21,6 +21,7 @@ if(HAVE_CUNIT)
nghttp2_npn_test.c
nghttp2_helper_test.c
nghttp2_buf_test.c
+ nghttp2_ratelim_test.c
)
add_executable(main EXCLUDE_FROM_ALL
diff --git a/tests/Makefile.am b/tests/Makefile.am
index c3e4392..c130a00 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -40,14 +40,16 @@ OBJECTS = main.c nghttp2_pq_test.c nghttp2_map_test.c nghttp2_queue_test.c \
nghttp2_hd_test.c \
nghttp2_npn_test.c \
nghttp2_helper_test.c \
- nghttp2_buf_test.c
+ nghttp2_buf_test.c \
+ nghttp2_ratelim_test.c
HFILES = nghttp2_pq_test.h nghttp2_map_test.h nghttp2_queue_test.h \
nghttp2_session_test.h \
nghttp2_frame_test.h nghttp2_stream_test.h nghttp2_hd_test.h \
nghttp2_npn_test.h nghttp2_helper_test.h \
nghttp2_test_helper.h \
- nghttp2_buf_test.h
+ nghttp2_buf_test.h \
+ nghttp2_ratelim_test.h
main_SOURCES = $(HFILES) $(OBJECTS)
diff --git a/tests/main.c b/tests/main.c
index 67eb4a1..2605ebd 100644
--- a/tests/main.c
+++ b/tests/main.c
@@ -40,6 +40,7 @@
#include "nghttp2_npn_test.h"
#include "nghttp2_helper_test.h"
#include "nghttp2_buf_test.h"
+#include "nghttp2_ratelim_test.h"
extern int nghttp2_enable_strict_preface;
@@ -327,6 +328,8 @@ int main() {
test_nghttp2_session_no_closed_streams) ||
!CU_add_test(pSuite, "session_set_stream_user_data",
test_nghttp2_session_set_stream_user_data) ||
+ !CU_add_test(pSuite, "session_stream_reset_ratelim",
+ test_nghttp2_session_stream_reset_ratelim) ||
!CU_add_test(pSuite, "http_mandatory_headers",
test_nghttp2_http_mandatory_headers) ||
!CU_add_test(pSuite, "http_content_length",
@@ -423,7 +426,9 @@ int main() {
!CU_add_test(pSuite, "bufs_advance", test_nghttp2_bufs_advance) ||
!CU_add_test(pSuite, "bufs_next_present",
test_nghttp2_bufs_next_present) ||
- !CU_add_test(pSuite, "bufs_realloc", test_nghttp2_bufs_realloc)) {
+ !CU_add_test(pSuite, "bufs_realloc", test_nghttp2_bufs_realloc) ||
+ !CU_add_test(pSuite, "ratelim_update", test_nghttp2_ratelim_update) ||
+ !CU_add_test(pSuite, "ratelim_drain", test_nghttp2_ratelim_drain)) {
CU_cleanup_registry();
return (int)CU_get_error();
}
diff --git a/tests/nghttp2_ratelim_test.c b/tests/nghttp2_ratelim_test.c
new file mode 100644
index 0000000..6abece9
--- /dev/null
+++ b/tests/nghttp2_ratelim_test.c
@@ -0,0 +1,101 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "nghttp2_ratelim_test.h"
+
+#include <stdio.h>
+
+#include <CUnit/CUnit.h>
+
+#include "nghttp2_ratelim.h"
+
+void test_nghttp2_ratelim_update(void) {
+ nghttp2_ratelim rl;
+
+ nghttp2_ratelim_init(&rl, 1000, 21);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(1000 == rl.burst);
+ CU_ASSERT(21 == rl.rate);
+ CU_ASSERT(0 == rl.tstamp);
+
+ nghttp2_ratelim_update(&rl, 999);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(999 == rl.tstamp);
+
+ nghttp2_ratelim_drain(&rl, 100);
+
+ CU_ASSERT(900 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1000);
+
+ CU_ASSERT(921 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1002);
+
+ CU_ASSERT(963 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1004);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(1004 == rl.tstamp);
+
+ /* timer skew */
+ nghttp2_ratelim_init(&rl, 1000, 21);
+ nghttp2_ratelim_update(&rl, 1);
+
+ CU_ASSERT(1000 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 0);
+
+ CU_ASSERT(1000 == rl.val);
+
+ /* rate * duration overflow */
+ nghttp2_ratelim_init(&rl, 1000, 100);
+ nghttp2_ratelim_drain(&rl, 999);
+
+ CU_ASSERT(1 == rl.val);
+
+ nghttp2_ratelim_update(&rl, UINT64_MAX);
+
+ CU_ASSERT(1000 == rl.val);
+
+ /* val + rate * duration overflow */
+ nghttp2_ratelim_init(&rl, UINT64_MAX - 1, 2);
+ nghttp2_ratelim_update(&rl, 1);
+
+ CU_ASSERT(UINT64_MAX - 1 == rl.val);
+}
+
+void test_nghttp2_ratelim_drain(void) {
+ nghttp2_ratelim rl;
+
+ nghttp2_ratelim_init(&rl, 100, 7);
+
+ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 101));
+ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 51));
+ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 49));
+ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 1));
+}
diff --git a/tests/nghttp2_ratelim_test.h b/tests/nghttp2_ratelim_test.h
new file mode 100644
index 0000000..02b2f2b
--- /dev/null
+++ b/tests/nghttp2_ratelim_test.h
@@ -0,0 +1,35 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGHTTP2_RATELIM_TEST_H
+#define NGHTTP2_RATELIM_TEST_H
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+void test_nghttp2_ratelim_update(void);
+void test_nghttp2_ratelim_drain(void);
+
+#endif /* NGHTTP2_RATELIM_TEST_H */
diff --git a/tests/nghttp2_session_test.c b/tests/nghttp2_session_test.c
index 5b80b0f..e5a0138 100644
--- a/tests/nghttp2_session_test.c
+++ b/tests/nghttp2_session_test.c
@@ -10988,6 +10988,109 @@ void test_nghttp2_session_set_stream_user_data(void) {
nghttp2_session_del(session);
}
+void test_nghttp2_session_stream_reset_ratelim(void) {
+ nghttp2_session *session;
+ nghttp2_session_callbacks callbacks;
+ nghttp2_frame frame;
+ ssize_t rv;
+ nghttp2_bufs bufs;
+ nghttp2_buf *buf;
+ nghttp2_mem *mem;
+ size_t i;
+ nghttp2_hd_deflater deflater;
+ size_t nvlen;
+ nghttp2_nv *nva;
+ int32_t stream_id;
+ nghttp2_outbound_item *item;
+ nghttp2_option *option;
+
+ mem = nghttp2_mem_default();
+ frame_pack_bufs_init(&bufs);
+
+ memset(&callbacks, 0, sizeof(nghttp2_session_callbacks));
+ callbacks.send_callback = null_send_callback;
+
+ nghttp2_option_new(&option);
+ nghttp2_option_set_stream_reset_rate_limit(
+ option, NGHTTP2_DEFAULT_STREAM_RESET_BURST, 0);
+
+ nghttp2_session_server_new2(&session, &callbacks, NULL, option);
+
+ nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, NULL, 0);
+ rv = nghttp2_frame_pack_settings(&bufs, &frame.settings);
+
+ CU_ASSERT(0 == rv);
+
+ nghttp2_frame_settings_free(&frame.settings, mem);
+
+ buf = &bufs.head->buf;
+ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf));
+
+ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv);
+
+ /* Send SETTINGS ACK */
+ rv = nghttp2_session_send(session);
+
+ CU_ASSERT(0 == rv);
+
+ nghttp2_hd_deflate_init(&deflater, mem);
+
+ for (i = 0; i < NGHTTP2_DEFAULT_STREAM_RESET_BURST + 2; ++i) {
+ stream_id = (int32_t)(i * 2 + 1);
+
+ nghttp2_bufs_reset(&bufs);
+
+ /* HEADERS */
+ nvlen = ARRLEN(reqnv);
+ nghttp2_nv_array_copy(&nva, reqnv, nvlen, mem);
+ nghttp2_frame_headers_init(&frame.headers, NGHTTP2_FLAG_END_HEADERS,
+ stream_id, NGHTTP2_HCAT_HEADERS, NULL, nva,
+ nvlen);
+ rv = nghttp2_frame_pack_headers(&bufs, &frame.headers, &deflater);
+
+ CU_ASSERT(0 == rv);
+
+ nghttp2_frame_headers_free(&frame.headers, mem);
+
+ buf = &bufs.head->buf;
+ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf));
+
+ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv);
+
+ nghttp2_bufs_reset(&bufs);
+
+ /* RST_STREAM */
+ nghttp2_frame_rst_stream_init(&frame.rst_stream, stream_id,
+ NGHTTP2_NO_ERROR);
+ nghttp2_frame_pack_rst_stream(&bufs, &frame.rst_stream);
+ nghttp2_frame_rst_stream_free(&frame.rst_stream);
+
+ buf = &bufs.head->buf;
+ rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf));
+
+ CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv);
+
+ if (i < NGHTTP2_DEFAULT_STREAM_RESET_BURST) {
+ CU_ASSERT(0 == nghttp2_outbound_queue_size(&session->ob_reg));
+
+ continue;
+ }
+
+ CU_ASSERT(1 == nghttp2_outbound_queue_size(&session->ob_reg));
+
+ item = nghttp2_session_get_next_ob_item(session);
+
+ CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type);
+ CU_ASSERT(NGHTTP2_DEFAULT_STREAM_RESET_BURST * 2 + 1 ==
+ item->frame.goaway.last_stream_id);
+ }
+
+ nghttp2_hd_deflate_free(&deflater);
+ nghttp2_session_del(session);
+ nghttp2_bufs_free(&bufs);
+ nghttp2_option_del(option);
+}
+
static void check_nghttp2_http_recv_headers_fail(
nghttp2_session *session, nghttp2_hd_deflater *deflater, int32_t stream_id,
int stream_state, const nghttp2_nv *nva, size_t nvlen) {
diff --git a/tests/nghttp2_session_test.h b/tests/nghttp2_session_test.h
index 818c808..fcbb987 100644
--- a/tests/nghttp2_session_test.h
+++ b/tests/nghttp2_session_test.h
@@ -161,6 +161,7 @@ void test_nghttp2_session_removed_closed_stream(void);
void test_nghttp2_session_pause_data(void);
void test_nghttp2_session_no_closed_streams(void);
void test_nghttp2_session_set_stream_user_data(void);
+void test_nghttp2_session_stream_reset_ratelim(void);
void test_nghttp2_http_mandatory_headers(void);
void test_nghttp2_http_content_length(void);
void test_nghttp2_http_content_length_mismatch(void);
--
2.27.0

103
backport-CVE-2024-28182-1.patch Normal file
View File

@ -0,0 +1,103 @@
From 00201ecd8f982da3b67d4f6868af72a1b03b14e0 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:26:42 +0900
Subject: [PATCH] Limit CONTINUATION frames following an incoming HEADER frame
---
lib/includes/nghttp2/nghttp2.h | 7 ++++++-
lib/nghttp2_helper.c | 2 ++
lib/nghttp2_session.c | 7 +++++++
lib/nghttp2_session.h | 10 ++++++++++
4 files changed, 25 insertions(+), 1 deletion(-)
diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
index 889176097d..a9629c7823 100644
--- a/lib/includes/nghttp2/nghttp2.h
+++ b/lib/includes/nghttp2/nghttp2.h
@@ -440,7 +440,12 @@ typedef enum {
* exhaustion on server side to send these frames forever and does
* not read network.
*/
- NGHTTP2_ERR_FLOODED = -904
+ NGHTTP2_ERR_FLOODED = -904,
+ /**
+ * When a local endpoint receives too many CONTINUATION frames
+ * following a HEADER frame.
+ */
+ NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
} nghttp2_error;
/**
diff --git a/lib/nghttp2_helper.c b/lib/nghttp2_helper.c
index 93dd4754b7..b3563d98e0 100644
--- a/lib/nghttp2_helper.c
+++ b/lib/nghttp2_helper.c
@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
"closed";
case NGHTTP2_ERR_TOO_MANY_SETTINGS:
return "SETTINGS frame contained more than the maximum allowed entries";
+ case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+ return "Too many CONTINUATION frames following a HEADER frame";
default:
return "Unknown error code";
}
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index ea4fcbec57..fc4c77a3f0 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -464,6 +464,7 @@ static int session_new(nghttp2_session **session_ptr,
(*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
(*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
(*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+ (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
if (option) {
if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
@@ -6288,6 +6289,8 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
}
session_inbound_frame_reset(session);
+
+ session->num_continuations = 0;
}
break;
}
@@ -6409,6 +6412,10 @@ nghttp2_ssize nghttp2_session_mem_recv2(nghttp2_session *session,
}
#endif /* DEBUGBUILD */
+ if (++session->num_continuations > session->max_continuations) {
+ return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+ }
+
readlen = inbound_frame_buf_read(iframe, in, last);
in += readlen;
diff --git a/lib/nghttp2_session.h b/lib/nghttp2_session.h
index b119329a04..ef8f7b27d6 100644
--- a/lib/nghttp2_session.h
+++ b/lib/nghttp2_session.h
@@ -107,6 +107,10 @@ typedef struct {
#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000
#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33
+/* The default max number of CONTINUATION frames following an incoming
+ HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
/* Internal state when receiving incoming frame */
typedef enum {
/* Receiving frame header */
@@ -279,6 +283,12 @@ struct nghttp2_session {
size_t max_send_header_block_length;
/* The maximum number of settings accepted per SETTINGS frame. */
size_t max_settings;
+ /* The maximum number of CONTINUATION frames following an incoming
+ HEADER frame. */
+ size_t max_continuations;
+ /* The number of CONTINUATION frames following an incoming HEADER
+ frame. This variable is reset when END_HEADERS flag is seen. */
+ size_t num_continuations;
/* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
uint32_t next_stream_id;
/* The last stream ID this session initiated. For client session,

98
backport-CVE-2024-28182-2.patch Normal file
View File

@ -0,0 +1,98 @@
From d71a4668c6bead55805d18810d633fbb98315af9 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH] Add nghttp2_option_set_max_continuations
---
doc/Makefile.am | 1 +
lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
lib/nghttp2_option.c | 5 +++++
lib/nghttp2_option.h | 5 +++++
lib/nghttp2_session.c | 4 ++++
5 files changed, 26 insertions(+)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index 51945e4f0b..50d57b2217 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -68,6 +68,7 @@ APIDOCS= \
nghttp2_option_set_no_recv_client_magic.rst \
nghttp2_option_set_peer_max_concurrent_streams.rst \
nghttp2_option_set_user_recv_extension_type.rst \
+ nghttp2_option_set_max_continuations.rst \
nghttp2_option_set_max_outbound_ack.rst \
nghttp2_option_set_max_settings.rst \
nghttp2_option_set_stream_reset_rate_limit.rst \
diff --git a/lib/includes/nghttp2/nghttp2.h b/lib/includes/nghttp2/nghttp2.h
index a9629c7823..92c3ccc6e4 100644
--- a/lib/includes/nghttp2/nghttp2.h
+++ b/lib/includes/nghttp2/nghttp2.h
@@ -2782,6 +2782,17 @@ NGHTTP2_EXTERN void
nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
uint64_t burst, uint64_t rate);
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
/**
* @function
*
diff --git a/lib/nghttp2_option.c b/lib/nghttp2_option.c
index 43d4e95229..53144b9b75 100644
--- a/lib/nghttp2_option.c
+++ b/lib/nghttp2_option.c
@@ -133,3 +133,8 @@ void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
diff --git a/lib/nghttp2_option.h b/lib/nghttp2_option.h
index 2259e1849d..c89cb97f8b 100644
--- a/lib/nghttp2_option.h
+++ b/lib/nghttp2_option.h
@@ -69,6 +69,7 @@ typedef enum {
NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11,
NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -96,6 +97,10 @@ struct nghttp2_option {
* NGHTTP2_OPT_MAX_SETTINGS
*/
size_t max_settings;
+ /**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
/**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
diff --git a/lib/nghttp2_session.c b/lib/nghttp2_session.c
index fc4c77a3f0..004a4dffaa 100644
--- a/lib/nghttp2_session.c
+++ b/lib/nghttp2_session.c
@@ -539,6 +539,10 @@ static int session_new(nghttp2_session **session_ptr,
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,

39
backport-Fix-build-error-when-both-clock_gettime-and-GetTickCount64.patch Normal file
View File

@ -0,0 +1,39 @@
From bf8f419ca9f2d8bce48591710aa25f08e3fc67f8 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Wed, 11 Oct 2023 17:19:05 +0900
Subject: [PATCH] Fix build error when both clock_gettime and GetTickCount64 are available
Conflict:NA
Reference:https://github.com/nghttp2/nghttp2/commit/bf8f419ca9f2d8bce48591710aa25f08e3fc67f8
---
lib/nghttp2_time.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lib/nghttp2_time.c b/lib/nghttp2_time.c
index 2a5f1a6..dd5a655 100644
--- a/lib/nghttp2_time.c
+++ b/lib/nghttp2_time.c
@@ -44,7 +44,9 @@ static uint64_t time_now_sec(void) {
}
#endif /* HAVE_GETTICKCOUNT64 */
-#ifdef HAVE_CLOCK_GETTIME
+#ifdef HAVE_GETTICKCOUNT64
+uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; }
+#elif defined(HAVE_CLOCK_GETTIME)
uint64_t nghttp2_time_now_sec(void) {
struct timespec tp;
int rv = clock_gettime(CLOCK_MONOTONIC, &tp);
@@ -55,8 +57,6 @@ uint64_t nghttp2_time_now_sec(void) {
return (uint64_t)tp.tv_sec;
}
-#elif defined(HAVE_GETTICKCOUNT64)
-uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; }
#else /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */
uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); }
#endif /* !HAVE_CLOCK_GETTIME && !HAVE_GETTICKCOUNT64 */
--
2.33.0

441
backport-replace-the-use-of-strtoul-and-strtol-with-parse_uint.patch Normal file
View File

@ -0,0 +1,441 @@
From a4d12f2a71d80a21aa2d04baa2e4cd525aea517a Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Tue, 9 Aug 2022 19:27:22 +0900
Subject: [PATCH] Replace the use of strtoul and strtol with parse_uint
Replace the use of strtoul and strtol with parse_uint to fix the
handling of negative integer.
---
src/CMakeLists.txt | 2 ++
src/Makefile.am | 5 +++-
src/deflatehd.cc | 21 +++++++-------
src/h2load.cc | 69 +++++++++++++++++++++++++++++++--------------
src/nghttp.cc | 66 ++++++++++++++++++++++++++++---------------
src/nghttpd.cc | 33 ++++++++++++++--------
src/shrpx_config.cc | 20 -------------
7 files changed, 130 insertions(+), 86 deletions(-)
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 12e9e78..066e93c 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -207,6 +207,8 @@ if(ENABLE_HPACK_TOOLS)
set(deflatehd_SOURCES
deflatehd.cc
comp_helper.c
+ util.cc
+ timegm.c
)
add_executable(inflatehd ${inflatehd_SOURCES})
add_executable(deflatehd ${deflatehd_SOURCES})
diff --git a/src/Makefile.am b/src/Makefile.am
index 0382164..8221fa4 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -214,7 +214,10 @@ if ENABLE_HPACK_TOOLS
bin_PROGRAMS += inflatehd deflatehd
-HPACK_TOOLS_COMMON_SRCS = comp_helper.c comp_helper.h
+HPACK_TOOLS_COMMON_SRCS = \
+ comp_helper.c comp_helper.h \
+ util.cc util.h \
+ timegm.c timegm.h
inflatehd_SOURCES = inflatehd.cc $(HPACK_TOOLS_COMMON_SRCS)
diff --git a/src/deflatehd.cc b/src/deflatehd.cc
index 5d28e24..7dcfccf 100644
--- a/src/deflatehd.cc
+++ b/src/deflatehd.cc
@@ -45,6 +45,7 @@
#include "template.h"
#include "comp_helper.h"
+#include "util.h"
namespace nghttp2 {
@@ -381,8 +382,6 @@ constexpr static struct option long_options[] = {
{nullptr, 0, nullptr, 0}};
int main(int argc, char **argv) {
- char *end;
-
config.table_size = 4_k;
config.deflate_table_size = 4_k;
config.http1text = 0;
@@ -401,24 +400,26 @@ int main(int argc, char **argv) {
// --http1text
config.http1text = 1;
break;
- case 's':
+ case 's': {
// --table-size
- errno = 0;
- config.table_size = strtoul(optarg, &end, 10);
- if (errno == ERANGE || *end != '\0') {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
fprintf(stderr, "-s: Bad option value\n");
exit(EXIT_FAILURE);
}
+ config.table_size = n;
break;
- case 'S':
+ }
+ case 'S': {
// --deflate-table-size
- errno = 0;
- config.deflate_table_size = strtoul(optarg, &end, 10);
- if (errno == ERANGE || *end != '\0') {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
fprintf(stderr, "-S: Bad option value\n");
exit(EXIT_FAILURE);
}
+ config.deflate_table_size = n;
break;
+ }
case 'd':
// --dump-header-table
config.dump_header_table = 1;
diff --git a/src/h2load.cc b/src/h2load.cc
index 2f08cac..cacd584 100644
--- a/src/h2load.cc
+++ b/src/h2load.cc
@@ -2056,44 +2056,65 @@ int main(int argc, char **argv) {
break;
}
switch (c) {
- case 'n':
- config.nreqs = strtoul(optarg, nullptr, 10);
+ case 'n': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-n: bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.nreqs = n;
nreqs_set_manually = true;
break;
- case 'c':
- config.nclients = strtoul(optarg, nullptr, 10);
+ }
+ case 'c': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-c: bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.nclients = n;
break;
+ }
case 'd':
datafile = optarg;
break;
- case 't':
+ case 't': {
#ifdef NOTHREADS
std::cerr << "-t: WARNING: Threading disabled at build time, "
<< "no threads created." << std::endl;
#else
- config.nthreads = strtoul(optarg, nullptr, 10);
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-t: bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.nthreads = n;
#endif // NOTHREADS
break;
- case 'm':
- config.max_concurrent_streams = strtoul(optarg, nullptr, 10);
+ }
+ case 'm': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-m: bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.max_concurrent_streams = n;
break;
+ }
case 'w':
case 'W': {
- errno = 0;
- char *endptr = nullptr;
- auto n = strtoul(optarg, &endptr, 10);
- if (errno == 0 && *endptr == '\0' && n < 31) {
- if (c == 'w') {
- config.window_bits = n;
- } else {
- config.connection_window_bits = n;
- }
- } else {
+ auto n = util::parse_uint(optarg);
+ if (n == -1 || n > 30) {
std::cerr << "-" << static_cast<char>(c)
<< ": specify the integer in the range [0, 30], inclusive"
<< std::endl;
exit(EXIT_FAILURE);
}
+ if (c == 'w') {
+ config.window_bits = n;
+ } else {
+ config.connection_window_bits = n;
+ }
break;
}
case 'H': {
@@ -2138,14 +2159,20 @@ int main(int argc, char **argv) {
}
break;
}
- case 'r':
- config.rate = strtoul(optarg, nullptr, 10);
- if (config.rate == 0) {
+ case 'r': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-r: bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ if (n == 0) {
std::cerr << "-r: the rate at which connections are made "
<< "must be positive." << std::endl;
exit(EXIT_FAILURE);
}
+ config.rate = n;
break;
+ }
case 'T':
config.conn_active_timeout = util::parse_duration_with_unit(optarg);
if (!std::isfinite(config.conn_active_timeout)) {
diff --git a/src/nghttp.cc b/src/nghttp.cc
index 81e7ebe..5c40bb9 100644
--- a/src/nghttp.cc
+++ b/src/nghttp.cc
@@ -2811,33 +2811,43 @@ int main(int argc, char **argv) {
break;
}
switch (c) {
- case 'M':
+ case 'M': {
// peer-max-concurrent-streams option
- config.peer_max_concurrent_streams = strtoul(optarg, nullptr, 10);
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-M: Bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.peer_max_concurrent_streams = n;
break;
+ }
case 'O':
config.remote_name = true;
break;
case 'h':
print_help(std::cout);
exit(EXIT_SUCCESS);
- case 'b':
- config.padding = strtol(optarg, nullptr, 10);
+ case 'b': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-b: Bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.padding = n;
break;
+ }
case 'n':
config.null_out = true;
break;
case 'p': {
- errno = 0;
- auto n = strtoul(optarg, nullptr, 10);
- if (errno == 0 && NGHTTP2_MIN_WEIGHT <= n && n <= NGHTTP2_MAX_WEIGHT) {
- config.weight.push_back(n);
- } else {
+ auto n = util::parse_uint(optarg);
+ if (n == -1 || NGHTTP2_MIN_WEIGHT > n || n > NGHTTP2_MAX_WEIGHT) {
std::cerr << "-p: specify the integer in the range ["
<< NGHTTP2_MIN_WEIGHT << ", " << NGHTTP2_MAX_WEIGHT
<< "], inclusive" << std::endl;
exit(EXIT_FAILURE);
}
+ config.weight.push_back(n);
break;
}
case 'r':
@@ -2863,21 +2873,18 @@ int main(int argc, char **argv) {
break;
case 'w':
case 'W': {
- errno = 0;
- char *endptr = nullptr;
- unsigned long int n = strtoul(optarg, &endptr, 10);
- if (errno == 0 && *endptr == '\0' && n < 31) {
- if (c == 'w') {
- config.window_bits = n;
- } else {
- config.connection_window_bits = n;
- }
- } else {
+ auto n = util::parse_uint(optarg);
+ if (n == -1 || n > 30) {
std::cerr << "-" << static_cast<char>(c)
<< ": specify the integer in the range [0, 30], inclusive"
<< std::endl;
exit(EXIT_FAILURE);
}
+ if (c == 'w') {
+ config.window_bits = n;
+ } else {
+ config.connection_window_bits = n;
+ }
break;
}
case 'H': {
@@ -2918,9 +2925,15 @@ int main(int argc, char **argv) {
case 'd':
config.datafile = optarg;
break;
- case 'm':
- config.multiply = strtoul(optarg, nullptr, 10);
+ case 'm': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-m: Bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.multiply = n;
break;
+ }
case 'c': {
auto n = util::parse_uint_with_unit(optarg);
if (n == -1) {
@@ -3004,10 +3017,17 @@ int main(int argc, char **argv) {
// no-push option
config.no_push = true;
break;
- case 12:
+ case 12: {
// max-concurrent-streams option
- config.max_concurrent_streams = strtoul(optarg, nullptr, 10);
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "--max-concurrent-streams: Bad option value: " << optarg
+ << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.max_concurrent_streams = n;
break;
+ }
case 13:
// expect-continue option
config.expect_continue = true;
diff --git a/src/nghttpd.cc b/src/nghttpd.cc
index e223240..c89bfdb 100644
--- a/src/nghttpd.cc
+++ b/src/nghttpd.cc
@@ -245,9 +245,15 @@ int main(int argc, char **argv) {
case 'V':
config.verify_client = true;
break;
- case 'b':
- config.padding = strtol(optarg, nullptr, 10);
+ case 'b': {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
+ std::cerr << "-b: Bad option value: " << optarg << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.padding = n;
break;
+ }
case 'd':
config.htdocs = optarg;
break;
@@ -269,13 +275,12 @@ int main(int argc, char **argv) {
std::cerr << "-n: WARNING: Threading disabled at build time, "
<< "no threads created." << std::endl;
#else
- char *end;
- errno = 0;
- config.num_worker = strtoul(optarg, &end, 10);
- if (errno == ERANGE || *end != '\0' || config.num_worker == 0) {
+ auto n = util::parse_uint(optarg);
+ if (n == -1) {
std::cerr << "-n: Bad option value: " << optarg << std::endl;
exit(EXIT_FAILURE);
}
+ config.num_worker = n;
#endif // NOTHREADS
break;
}
@@ -306,10 +311,8 @@ int main(int argc, char **argv) {
break;
case 'w':
case 'W': {
- char *endptr;
- errno = 0;
- auto n = strtoul(optarg, &endptr, 10);
- if (errno != 0 || *endptr != '\0' || n >= 31) {
+ auto n = util::parse_uint(optarg);
+ if (n == -1 || n > 30) {
std::cerr << "-" << static_cast<char>(c)
<< ": specify the integer in the range [0, 30], inclusive"
<< std::endl;
@@ -419,7 +422,15 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE);
}
- config.port = strtol(argv[optind++], nullptr, 10);
+ {
+ auto portStr = argv[optind++];
+ auto n = util::parse_uint(portStr);
+ if (n == -1 || n > std::numeric_limits<uint16_t>::max()) {
+ std::cerr << "<PORT>: Bad value: " << portStr << std::endl;
+ exit(EXIT_FAILURE);
+ }
+ config.port = n;
+ }
if (!config.no_tls) {
config.private_key_file = argv[optind++];
diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc
index 769ad9b..0076ce5 100644
--- a/src/shrpx_config.cc
+++ b/src/shrpx_config.cc
@@ -352,26 +352,6 @@ int parse_uint_with_unit(T *dest, const StringRef &opt,
}
} // namespace
-// Parses |optarg| as signed integer. This requires |optarg| to be
-// NULL-terminated string.
-template <typename T>
-int parse_int(T *dest, const StringRef &opt, const char *optarg) {
- char *end = nullptr;
-
- errno = 0;
-
- auto val = strtol(optarg, &end, 10);
-
- if (!optarg[0] || errno != 0 || *end) {
- LOG(ERROR) << opt << ": bad value. Specify an integer.";
- return -1;
- }
-
- *dest = val;
-
- return 0;
-}
-
namespace {
// generated by gennghttpxfun.py
LogFragmentType log_var_lookup_token(const char *name, size_t namelen) {
--
2.27.0

42
nghttp2.spec
View File

@ -1,12 +1,19 @@
Name: nghttp2
Version: 1.41.0
Release: 1
Release: 6
Summary: Contains the HTTP/2 client, server and proxy programs.
License: MIT
URL: https://nghttp2.org/
Source0: https://github.com/nghttp2/nghttp2/releases/download/v%{version}/%{name}-%{version}.tar.xz
BuildRequires: CUnit-devel c-ares-devel gcc-c++ libev-devel openssl-devel
Patch0: backport-replace-the-use-of-strtoul-and-strtol-with-parse_uint.patch
Patch1: backport-CVE-2023-35945.patch
Patch2: backport-CVE-2023-44487.patch
Patch3: backport-Fix-build-error-when-both-clock_gettime-and-GetTickCount64.patch
Patch4: backport-CVE-2024-28182-1.patch
Patch5: backport-CVE-2024-28182-2.patch
BuildRequires: c-ares-devel gcc-c++ libev-devel openssl-devel automake
BuildRequires: python3-devel systemd-devel zlib-devel
Requires: libnghttp2 = %{version}-%{release}
@ -38,6 +45,7 @@ header files for %{name}
sed -e '1 s|^#!/.*python|&3|' -i script/fetch-ocsp-response
%build
autoreconf
%configure PYTHON=%{__python3} --disable-hpack-tools --disable-python-bindings\
--without-libxml2 --without-spdylay
%disable_rpath
@ -89,6 +97,36 @@ make %{?_smp_mflags} check
%{_mandir}/man1/*
%changelog
* Sun Apr 07 2024 lingsheng <lingsheng1@h-partners.com> - 1.41.0-6
- Type:CVE
- ID:CVE-2024-28182
- SUG:restart
- DESC:fix CVE-2024-28182
* Mon Oct 23 2023 xingwei <xingwei14@h-partners.com> - 1.41.0-5
- Type:CVE
- ID:CVE-2023-44487
- SUG:NA
- DESC:fix CVE-2023-44487 and build error
* Sat Jul 15 2023 wangye <wangye91@h-partners.com> - 1.41.0-4
- Type:cve
- ID:CVE-2023-35945
- SUG:NA
- DESC:fix CVE-2023-35945
* Fri Sep 02 2022 xingwei <xingwei14@h-partners.com> - 1.41.0-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:replace the use of strtoul and strol with parse_uint
* Fri Jan 15 2021 gaihuiying <gaihuiying1@huawei.com> - 1.41.0-2
- Type:requirement
- ID:NA
- SUG:NA
- DESC:remove cunit-devel dependency
* Wed Aug 26 2020 yuboyun <yuboyun@huawei.com> - 1.41.0-1
- Type:update
- ID:NA