path: root/meta-webserver/recipes-httpd/apache2/files/CVE-2018-1333.patch

From 83a2e3866918ce6567a683eb4c660688d047ee81 Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan.eissing@greenbytes.de>
Date: Wed, 18 Apr 2018 11:55:17 +0200
Subject: [PATCH]  * fixes a race condition where aborting streams triggers an
 unnecessary timeout.

Note: Re-factored upstream fix
https://github.com/icing/mod_h2/commit/83a2e3866918ce6567a683eb4c660688d047ee81,
so that it applies to httpd v2.4.27 code. Similarly done at
http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http2/h2_bucket_beam.c?r1=1828879&r2=1828878&pathrev=1828879

CVE: CVE-2018-1333
Upstream-Status: Backport [https://github.com/icing/mod_h2/commit/83a2e3866918ce6567a683eb4c660688d047ee81]

Signed-off-by: Jagadeesh Krishnanjanappa <jkrishnanjanappa@mvista.com>

diff -Naurp httpd-2.4.27_org/modules/http2/h2_bucket_beam.c httpd-2.4.27/modules/http2/h2_bucket_beam.c
--- httpd-2.4.27_org/modules/http2/h2_bucket_beam.c	2017-04-21 06:52:05.000000000 -0700
+++ httpd-2.4.27/modules/http2/h2_bucket_beam.c	2018-07-24 23:44:40.888330955 -0700
@@ -512,6 +512,7 @@ static void recv_buffer_cleanup(h2_bucke
         apr_brigade_destroy(bb);
         if (bl) enter_yellow(beam, bl);
         
+        apr_thread_cond_broadcast(beam->change);
         if (beam->cons_ev_cb) { 
             beam->cons_ev_cb(beam->cons_ctx, beam);
         }
@@ -685,12 +686,10 @@ void h2_beam_abort(h2_bucket_beam *beam)
     h2_beam_lock bl;
     
     if (enter_yellow(beam, &bl) == APR_SUCCESS) {
-        if (!beam->aborted) {
-            beam->aborted = 1;
-            r_purge_sent(beam);
-            h2_blist_cleanup(&beam->send_list);
-            report_consumption(beam, &bl);
-        }
+        beam->aborted = 1;
+        r_purge_sent(beam);
+        h2_blist_cleanup(&beam->send_list);
+        report_consumption(beam, &bl);
         if (beam->cond) {
             apr_thread_cond_broadcast(beam->cond);
         }