Resolves: #1585797 - http2: handle GOAWAY properly
This commit is contained in:
parent
73d6b73380
commit
67e93f67b8
137
0004-curl-7.59.0-http2-GOAWAY.patch
Normal file
137
0004-curl-7.59.0-http2-GOAWAY.patch
Normal file
@ -0,0 +1,137 @@
|
|||||||
|
From 84ddda3994c1f12d79946780dee9111b3cf1c308 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Daniel Stenberg <daniel@haxx.se>
|
||||||
|
Date: Thu, 19 Apr 2018 20:03:30 +0200
|
||||||
|
Subject: [PATCH] http2: handle GOAWAY properly
|
||||||
|
|
||||||
|
When receiving REFUSED_STREAM, mark the connection for close and retry
|
||||||
|
streams accordingly on another/fresh connection.
|
||||||
|
|
||||||
|
Reported-by: Terry Wu
|
||||||
|
Fixes #2416
|
||||||
|
Fixes #1618
|
||||||
|
Closes #2510
|
||||||
|
|
||||||
|
Upstream-commit: d122df5972fc01e39ae28e6bca705237d7e3318a
|
||||||
|
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
|
||||||
|
---
|
||||||
|
lib/http2.c | 17 ++++++++++++-----
|
||||||
|
lib/multi.c | 4 +++-
|
||||||
|
lib/transfer.c | 17 +++++++++++++++--
|
||||||
|
lib/urldata.h | 2 +-
|
||||||
|
4 files changed, 31 insertions(+), 9 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/lib/http2.c b/lib/http2.c
|
||||||
|
index b2c34e9..fba4d70 100644
|
||||||
|
--- a/lib/http2.c
|
||||||
|
+++ b/lib/http2.c
|
||||||
|
@@ -1078,7 +1078,6 @@ void Curl_http2_done(struct connectdata *conn, bool premature)
|
||||||
|
struct http_conn *httpc = &conn->proto.httpc;
|
||||||
|
|
||||||
|
if(http->header_recvbuf) {
|
||||||
|
- H2BUGF(infof(data, "free header_recvbuf!!\n"));
|
||||||
|
Curl_add_buffer_free(http->header_recvbuf);
|
||||||
|
http->header_recvbuf = NULL; /* clear the pointer */
|
||||||
|
Curl_add_buffer_free(http->trailer_recvbuf);
|
||||||
|
@@ -1351,7 +1350,15 @@ static ssize_t http2_handle_stream_close(struct connectdata *conn,
|
||||||
|
|
||||||
|
/* Reset to FALSE to prevent infinite loop in readwrite_data function. */
|
||||||
|
stream->closed = FALSE;
|
||||||
|
- if(httpc->error_code != NGHTTP2_NO_ERROR) {
|
||||||
|
+ if(httpc->error_code == NGHTTP2_REFUSED_STREAM) {
|
||||||
|
+ H2BUGF(infof(data, "REFUSED_STREAM (%d), try again on a new connection!\n",
|
||||||
|
+ stream->stream_id));
|
||||||
|
+ connclose(conn, "REFUSED_STREAM"); /* don't use this anymore */
|
||||||
|
+ data->state.refused_stream = TRUE;
|
||||||
|
+ *err = CURLE_RECV_ERROR; /* trigger Curl_retry_request() later */
|
||||||
|
+ return -1;
|
||||||
|
+ }
|
||||||
|
+ else if(httpc->error_code != NGHTTP2_NO_ERROR) {
|
||||||
|
failf(data, "HTTP/2 stream %u was not closed cleanly: %s (err %d)",
|
||||||
|
stream->stream_id, Curl_http2_strerror(httpc->error_code),
|
||||||
|
httpc->error_code);
|
||||||
|
@@ -1579,9 +1586,9 @@ static ssize_t http2_recv(struct connectdata *conn, int sockindex,
|
||||||
|
}
|
||||||
|
|
||||||
|
if(nread == 0) {
|
||||||
|
- failf(data, "Unexpected EOF");
|
||||||
|
- *err = CURLE_RECV_ERROR;
|
||||||
|
- return -1;
|
||||||
|
+ H2BUGF(infof(data, "end of stream\n"));
|
||||||
|
+ *err = CURLE_OK;
|
||||||
|
+ return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
H2BUGF(infof(data, "nread=%zd\n", nread));
|
||||||
|
diff --git a/lib/multi.c b/lib/multi.c
|
||||||
|
index 98e5fca..d69e5f9 100644
|
||||||
|
--- a/lib/multi.c
|
||||||
|
+++ b/lib/multi.c
|
||||||
|
@@ -541,7 +541,9 @@ static CURLcode multi_done(struct connectdata **connp,
|
||||||
|
if(conn->send_pipe.size || conn->recv_pipe.size) {
|
||||||
|
/* Stop if pipeline is not empty . */
|
||||||
|
data->easy_conn = NULL;
|
||||||
|
- DEBUGF(infof(data, "Connection still in use, no more multi_done now!\n"));
|
||||||
|
+ DEBUGF(infof(data, "Connection still in use %d/%d, "
|
||||||
|
+ "no more multi_done now!\n",
|
||||||
|
+ conn->send_pipe.size, conn->recv_pipe.size));
|
||||||
|
return CURLE_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff --git a/lib/transfer.c b/lib/transfer.c
|
||||||
|
index fd9af31..5c29cc9 100644
|
||||||
|
--- a/lib/transfer.c
|
||||||
|
+++ b/lib/transfer.c
|
||||||
|
@@ -1926,7 +1926,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||||
|
char **url)
|
||||||
|
{
|
||||||
|
struct Curl_easy *data = conn->data;
|
||||||
|
-
|
||||||
|
+ bool retry = FALSE;
|
||||||
|
*url = NULL;
|
||||||
|
|
||||||
|
/* if we're talking upload, we can't do the checks below, unless the protocol
|
||||||
|
@@ -1939,7 +1939,7 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||||
|
conn->bits.reuse &&
|
||||||
|
(!data->set.opt_no_body
|
||||||
|
|| (conn->handler->protocol & PROTO_FAMILY_HTTP)) &&
|
||||||
|
- (data->set.rtspreq != RTSPREQ_RECEIVE)) {
|
||||||
|
+ (data->set.rtspreq != RTSPREQ_RECEIVE))
|
||||||
|
/* We got no data, we attempted to re-use a connection. For HTTP this
|
||||||
|
can be a retry so we try again regardless if we expected a body.
|
||||||
|
For other protocols we only try again only if we expected a body.
|
||||||
|
@@ -1947,6 +1947,19 @@ CURLcode Curl_retry_request(struct connectdata *conn,
|
||||||
|
This might happen if the connection was left alive when we were
|
||||||
|
done using it before, but that was closed when we wanted to read from
|
||||||
|
it again. Bad luck. Retry the same request on a fresh connect! */
|
||||||
|
+ retry = TRUE;
|
||||||
|
+ else if(data->state.refused_stream &&
|
||||||
|
+ (data->req.bytecount + data->req.headerbytecount == 0) ) {
|
||||||
|
+ /* This was sent on a refused stream, safe to rerun. A refused stream
|
||||||
|
+ error can typically only happen on HTTP/2 level if the stream is safe
|
||||||
|
+ to issue again, but the nghttp2 API can deliver the message to other
|
||||||
|
+ streams as well, which is why this adds the check the data counters
|
||||||
|
+ too. */
|
||||||
|
+ infof(conn->data, "REFUSED_STREAM, retrying a fresh connect\n");
|
||||||
|
+ data->state.refused_stream = FALSE; /* clear again */
|
||||||
|
+ retry = TRUE;
|
||||||
|
+ }
|
||||||
|
+ if(retry) {
|
||||||
|
infof(conn->data, "Connection died, retrying a fresh connect\n");
|
||||||
|
*url = strdup(conn->data->change.url);
|
||||||
|
if(!*url)
|
||||||
|
diff --git a/lib/urldata.h b/lib/urldata.h
|
||||||
|
index 3d7b9e5..6a36ee9 100644
|
||||||
|
--- a/lib/urldata.h
|
||||||
|
+++ b/lib/urldata.h
|
||||||
|
@@ -1225,7 +1225,7 @@ struct UrlState {
|
||||||
|
curl_off_t current_speed; /* the ProgressShow() function sets this,
|
||||||
|
bytes / second */
|
||||||
|
bool this_is_a_follow; /* this is a followed Location: request */
|
||||||
|
-
|
||||||
|
+ bool refused_stream; /* this was refused, try again */
|
||||||
|
char *first_host; /* host name of the first (not followed) request.
|
||||||
|
if set, this should be the host name that we will
|
||||||
|
sent authorization to, no else. Used to make Location:
|
||||||
|
--
|
||||||
|
2.14.4
|
||||||
|
|
@ -1,7 +1,7 @@
|
|||||||
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
|
||||||
Name: curl
|
Name: curl
|
||||||
Version: 7.59.0
|
Version: 7.59.0
|
||||||
Release: 3%{?dist}
|
Release: 4%{?dist}
|
||||||
License: MIT
|
License: MIT
|
||||||
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
|
||||||
|
|
||||||
@ -14,6 +14,9 @@ Patch2: 0002-curl-7.59.0-CVE-2018-1000301.patch
|
|||||||
# fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
# fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
||||||
Patch3: 0003-curl-7.59.0-CVE-2018-1000300.patch
|
Patch3: 0003-curl-7.59.0-CVE-2018-1000300.patch
|
||||||
|
|
||||||
|
# http2: handle GOAWAY properly (#1585797)
|
||||||
|
Patch4: 0004-curl-7.59.0-http2-GOAWAY.patch
|
||||||
|
|
||||||
# patch making libcurl multilib ready
|
# patch making libcurl multilib ready
|
||||||
Patch101: 0101-curl-7.32.0-multilib.patch
|
Patch101: 0101-curl-7.32.0-multilib.patch
|
||||||
|
|
||||||
@ -163,6 +166,7 @@ be installed.
|
|||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
|
|
||||||
# Fedora patches
|
# Fedora patches
|
||||||
%patch101 -p1
|
%patch101 -p1
|
||||||
@ -308,6 +312,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
|
|||||||
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 05 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-4
|
||||||
|
- http2: handle GOAWAY properly (#1585797)
|
||||||
|
|
||||||
* Fri May 18 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
|
* Fri May 18 2018 Kamil Dudka <kdudka@redhat.com> - 7.59.0-3
|
||||||
- fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
- fix FTP shutdown response buffer overflow (CVE-2018-1000300)
|
||||||
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
|
- fix RTSP bad headers buffer over-read (CVE-2018-1000301)
|
||||||
|
Loading…
Reference in New Issue
Block a user