Resolves: #1585797 - http2: handle GOAWAY properly
This commit is contained in:
Kamil Dudka
parent
73d6b73380
commit
67e93f67b8
137
0004-curl-7.59.0-http2-GOAWAY.patch
Normal file
137
0004-curl-7.59.0-http2-GOAWAY.patch
Normal file
@ -0,0 +1,137 @@
|
||||
From 84ddda3994c1f12d79946780dee9111b3cf1c308 Mon Sep 17 00:00:00 2001
|
||||
From: Daniel Stenberg <daniel@haxx.se>
|
||||
Date: Thu, 19 Apr 2018 20:03:30 +0200
|
||||
Subject: [PATCH] http2: handle GOAWAY properly
|
||||
|
||||
When receiving REFUSED_STREAM, mark the connection for close and retry
|
||||
streams accordingly on another/fresh connection.
|
||||
|
||||
Reported-by: Terry Wu
|
||||
Fixes #2416
|
||||
Fixes #1618
|
||||
Closes #2510
|
||||
|
||||
Upstream-commit: d122df5972fc01e39ae28e6bca705237d7e3318a
|
||||
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||
---
|
||||
lib/http2.c | 17 ++++++++++++-----
|
||||
lib/multi.c | 4 +++-
|
||||
lib/transfer.c | 17 +++++++++++++++--
|
||||
lib/urldata.h | 2 +-
|
||||
4 files changed, 31 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/lib/http2.c b/lib/http2.c
|
||||
index b2c34e9..fba4d70 100644
|
||||
--- a/lib/http2.c
|
||||
+++ b/lib/http2.c
|
||||
@@ -1078,7 +1078,6 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
|
||||
struct http_conn *httpc = &conn->proto.httpc;
|
||||
|
||||
if(http->header_recvbuf) {
|
||||
- H2BUGF(infof(data, "free header_recvbuf!!\n"));
|
||||
Curl_add_buffer_free(http->header_recvbuf);
|
||||
http->header_recvbuf = NULL; /* clear the pointer */
|
||||
Curl_add_buffer_free(http->trailer_recvbuf);
|
||||
@@ -1351,7 +1350,15 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
|
||||
|
||||
/* Reset to FALSE to prevent infinite loop in readwrite_data function. */
|
||||
stream->closed = FALSE;
|
||||
- if(httpc->error_code != NGHTTP2_NO_ERROR) {
|
||||
+ if(httpc->error_code == NGHTTP2_REFUSED_STREAM) {
|
||||
+ H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!\n",
|
||||
+ stream->stream_id));
|
||||
+ connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */
|
||||
+ data->state.refused_stream = TRUE;
|
||||
+ *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */
|
||||
+ return -1;
|
||||
+ }
|
||||
+ else if(httpc->error_code != NGHTTP2_NO_ERROR) {
|
||||
failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)",
|
||||
stream->stream_id, Curl_http2_strerror(httpc->error_code),
|
||||
httpc->error_code);
|
||||
@@ -1579,9 +1586,9 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
|
||||
}
|
||||
|
||||
if(nread == 0) {
|
||||
- failf(data, "Unexpected EOF");
|
||||
- *err = CURLE_RECV_ERROR;
|
||||
- return -1;
|
||||
+ H2BUGF(infof(data, "end of stream\n"));
|
||||
+ *err = CURLE_OK;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
H2BUGF(infof(data, "nread=%zd\n", nread));
|
||||
diff --git a/lib/multi.c b/lib/multi.c
|
||||
index 98e5fca..d69e5f9 100644
|
||||
--- a/lib/multi.c
|
||||
+++ b/lib/multi.c
|
||||
@@ -541,7 +541,9 @@ static CURLcode multi_done(struct connectdata **connp,
|
||||
if(conn->send_pipe.size || conn->recv_pipe.size) {
|
||||
/* Stop if pipeline is not empty . */
|
||||
data->easy_conn = NULL;
|
||||
- DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n"));
|
||||
+ DEBUGF(infof(data, "Connection still in use %d/%d, "
|
||||
+ "no more multi_done now!\n",
|
||||
+ conn->send_pipe.size, conn->recv_pipe.size));
|
||||
return CURLE_OK;
|
||||
}
|
||||
|
||||
diff --git a/lib/transfer.c b/lib/transfer.c
|
||||
index fd9af31..5c29cc9 100644
|
||||
--- a/lib/transfer.c
|
||||
+++ b/lib/transfer.c
|
||||
@@ -1926,7 +1926,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||
char **url)
|
||||
{
|
||||
struct Curl_easy *data = conn->data;
|
||||
-
|
||||
+ bool retry = FALSE;
|
||||
*url = NULL;
|
||||
|
||||
/* if we're talking upload, we can't do the checks below, unless the protocol
|
||||
@@ -1939,7 +1939,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||
conn->bits.reuse &&
|
||||
(!data->set.opt_no_body
|
||||
|| (conn->handler->protocol & PROTO_FAMILY_HTTP)) &&
|
||||
- (data->set.rtspreq != RTSPREQ_RECEIVE)) {
|
||||
+ (data->set.rtspreq != RTSPREQ_RECEIVE))
|
||||
/* We got no data, we attempted to re-use a connection. For HTTP this
|
||||
can be a retry so we try again regardless if we expected a body.
|
||||
For other protocols we only try again only if we expected a body.
|
||||
@@ -1947,6 +1947,19 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||
This might happen if the connection was left alive when we were
|
||||
done using it before, but that was closed when we wanted to read from
|
||||
it again. Bad luck. Retry the same request on a fresh connect! */
|
||||
+ retry = TRUE;
|
||||
+ else if(data->state.refused_stream &&
|
||||
+ (data->req.bytecount + data->req.headerbytecount == 0) ) {
|
||||
+ /* This was sent on a refused stream, safe to rerun. A refused stream
|
||||
+ error can typically only happen on HTTP/2 level if the stream is safe
|
||||
+ to issue again, but the nghttp2 API can deliver the message to other
|
||||
+ streams as well, which is why this adds the check the data counters
|
||||
+ too. */
|
||||
+ infof(conn->data, "REFUSED_STREAM, retrying a fresh connect\n");
|
||||
+ data->state.refused_stream = FALSE; /* clear again */
|
||||
+ retry = TRUE;
|
||||
+ }
|
||||
+ if(retry) {
|
||||
infof(conn->data, "Connection died, retrying a fresh connect\n");
|
||||
*url = strdup(conn->data->change.url);
|
||||
if(!*url)
|
||||
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||
index 3d7b9e5..6a36ee9 100644
|
||||
--- a/lib/urldata.h
|
||||
+++ b/lib/urldata.h
|
||||
@@ -1225,7 +1225,7 @@ struct UrlState {
|
||||
curl_off_t current_speed; /* the ProgressShow() function sets this,
|
||||
bytes / second */
|
||||
bool this_is_a_follow; /* this is a followed Location: request */
|
||||
-
|
||||
+ bool refused_stream; /* this was refused, try again */
|
||||
char *first_host; /* host name of the first (not followed) request.
|
||||
if set, this should be the host name that we will
|
||||
sent authorization to, no else. Used to make Location:
|
||||
--
|
||||
2.14.4
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||
Name: curl
|
||||
Version: 7.59.0
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: MIT
|
||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||
|
||||
@ -14,6 +14,9 @@ Patch2: 0002-curl-7.59.0-CVE-2018-1000301.patch
|
||||
# fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
||||
Patch3: 0003-curl-7.59.0-CVE-2018-1000300.patch
|
||||
|
||||
# http2: handle GOAWAY properly (#1585797)
|
||||
Patch4: 0004-curl-7.59.0-http2-GOAWAY.patch
|
||||
|
||||
# patch making libcurl multilib ready
|
||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||
|
||||
@ -163,6 +166,7 @@ be installed.
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
%patch4 -p1
|
||||
|
||||
# Fedora patches
|
||||
%patch101 -p1
|
||||
@ -308,6 +312,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||
|
||||
%changelog
|
||||
* Tue Jun 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-4
|
||||
- http2: handle GOAWAY properly (#1585797)
|
||||
|
||||
* Fri May 18 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
|
||||
- fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
||||
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
|
||||
|
||||
Loading…
Reference in New Issue
Block a user