Diffstat (limited to 'user/nginx/CVE-2023-44487.patch')
-rw-r--r-- | user/nginx/CVE-2023-44487.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/user/nginx/CVE-2023-44487.patch b/user/nginx/CVE-2023-44487.patch
new file mode 100644
index 000000000..180c7cb85
--- /dev/null
+++ b/user/nginx/CVE-2023-44487.patch
@@ -0,0 +1,52 @@
+Source: https://trac.nginx.org/nginx/changeset/cdda286c0f1b4b10f30d4eb6a63fefb9b8708ecc/nginx
+
+This patch was modified from upstream in the following way(s):
+
+* Update path so that the patch applies correctly
+* dos2unix
+
+Index: src/http/v2/ngx_http_v2.c
+===================================================================
+--- a/src/http/v2/ngx_http_v2.c (revision 9121)
++++ b/src/http/v2/ngx_http_v2.c (revision 9165)
+@@ -348,4 +348,5 @@
+
+ h2c->blocked = 1;
++ h2c->new_streams = 0;
+
+ if (c->close) {
+@@ -1285,4 +1286,12 @@
+ }
+
++ if (h2c->new_streams++ >= 2 * h2scf->concurrent_streams) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many streams at once");
++
++ status = NGX_HTTP_V2_REFUSED_STREAM;
++ goto rst_stream;
++ }
++
+ if (!h2c->settings_ack
+ && !(h2c->state.flags & NGX_HTTP_V2_END_STREAM_FLAG)
+@@ -1349,4 +1358,10 @@
+
+ rst_stream:
++
++ if (h2c->refused_streams++ > ngx_max(h2scf->concurrent_streams, 100)) {
++ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
++ "client sent too many refused streams");
++ return ngx_http_v2_connection_error(h2c, NGX_HTTP_V2_NO_ERROR);
++ }
+
+ if (ngx_http_v2_send_rst_stream(h2c, h2c->state.sid, status) != NGX_OK) {
+Index: src/http/v2/ngx_http_v2.h
+===================================================================
+--- a/src/http/v2/ngx_http_v2.h (revision 9121)
++++ b/src/http/v2/ngx_http_v2.h (revision 9165)
+@@ -132,4 +132,6 @@
+ ngx_uint_t frames;
+ ngx_uint_t idle;
++ ngx_uint_t new_streams;
++ ngx_uint_t refused_streams;
+ ngx_uint_t priority_limit;
+ |
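Review bot: The patch header records the upstream changeset and the path/dos2unix edits but not which packaged nginx release it was checked against, and the embedded hunks carry only one or two context lines each (`@@ -348,4 +348,5 @@`, `@@ -1285,4 +1286,12 @@`, `@@ -1349,4 +1358,10 @@`), so on a tree that differs from revision 9121 they could apply with an offset or fuzz without failing. I would add a header line such as `Applies to: nginx <packaged version>, verified to apply without fuzz`. Both new limits scale with `h2scf->concurrent_streams` (`2 * concurrent_streams` new streams before `NGX_HTTP_V2_REFUSED_STREAM`, and `ngx_max(concurrent_streams, 100)` refused streams before the connection is closed), so a configuration that raises that setting loosens the mitigation proportionally; that deserves one sentence in the header as well. The enclosing functions start and end outside the embedded hunks, so where `new_streams` is reset relative to the read loop cannot be confirmed from this page.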