path: root/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch
author: Rahul Taya <Rahul.Taya@kpit.com> 2021-02-25 13:02:59 +0530
committer: Armin Kuster <akuster808@gmail.com> 2021-03-16 08:40:06 -0700
commit: a8e3b20df3e1a97601bc54da9b2f1405c2056f7b
tree: de5142ff7be827982f4cd45e632212bb8aec5e2b /meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch
parent: 453bd7845fb4f9f67937b93bc7fd2275ca8f203b
nghttp2: Add fix for CVE-2020-11080
Added below two patches to fix CVE-2020-11080:
1. CVE-2020-11080-1.patch
2. CVE-2020-11080-2.patch

Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com>
[Refreshed patches to apply]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch')
-rw-r--r-- meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch | 31
1 files changed, 31 insertions, 0 deletions
diff --git a/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch
new file mode 100644
index 000000000..ca181bb4b
--- /dev/null
+++ b/meta-networking/recipes-support/nghttp2/nghttp2/CVE-2020-11080-1.patch
@@ -0,0 +1,31 @@
+From f8da73bd042f810f34d19f9eae02b46d870af394 Mon Sep 17 00:00:00 2001
+From: James M Snell <jasnell@gmail.com>
+Date: Sun, 19 Apr 2020 09:12:24 -0700
+Subject: [PATCH] Earlier check for settings flood
+
+CVE: CVE-2020-11080
+Upstream-Status: Backport [https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394.patch]
+Comment: No hunk refreshed
+Affects-version: < v1.41.0
+Signed-off-by: Rahul Taya <Rahul.Taya@kpit.com>
+---
+ lib/nghttp2_session.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+Index: nghttp2-1.40.0/lib/nghttp2_session.c
+===================================================================
+--- nghttp2-1.40.0.orig/lib/nghttp2_session.c
++++ nghttp2-1.40.0/lib/nghttp2_session.c
+@@ -5678,6 +5678,12 @@ ssize_t nghttp2_session_mem_recv(nghttp2
+ break;
+ }
+
++ /* Check the settings flood counter early to be safe */
++ if (session->obq_flood_counter_ >= session->max_outbound_ack &&
++ !(iframe->frame.hd.flags & NGHTTP2_FLAG_ACK)) {
++ return NGHTTP2_ERR_FLOODED;
++ }
++
+ iframe->state = NGHTTP2_IB_READ_SETTINGS;
+
+ if (iframe->payloadleft) {
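Review bot: The header line `Comment: No hunk refreshed` disagrees with the committer's `[Refreshed patches to apply]` note in the commit message, and the quilt-style `Index: nghttp2-1.40.0/lib/nghttp2_session.c` header suggests the patch was regenerated; please make the header say which it is, so a later rebase knows whether the hunk still matches the upstream commit named in `Upstream-Status`. In the embedded hunk at `@@ -5678,6 +5678,12 @@`, the comment `/* Check the settings flood counter early to be safe */` does not say what is being guarded: the visible code returns `NGHTTP2_ERR_FLOODED` for a frame without `NGHTTP2_FLAG_ACK` once `obq_flood_counter_` has reached `max_outbound_ack`, before `iframe->state` moves to `NGHTTP2_IB_READ_SETTINGS`, and a sentence to that effect in the patch description would help reviewers of the backport. The commit message also lists CVE-2020-11080-2.patch, so the description should note that this file is only the first half of the fix and must be applied together with the second.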