CVE-2018-1333: mod_http2: Fix DoS

bee2facd · Stefan Fritsch · a0b6c402 · bee2facd · bee2facd · bee2facd
Commit bee2facd authored 6 years ago by Stefan Fritsch
--- a/debian/changelog
+++ b/debian/changelog
 apache2 (2.4.25-3+deb9u6) UNRELEASED; urgency=medium

+  * CVE-2018-1333: mod_http2: Fix DoS by worker exhaustion. Closes: #904106
  * mod_proxy_fcgi: Fix segfault. Closes: #902906

 -- Stefan Fritsch <sf@debian.org>  Sun, 28 Oct 2018 13:12:36 +0100

--- a/debian/patches/CVE-2018-1333-mod_http2_DoS.diff
+++ b/debian/patches/CVE-2018-1333-mod_http2_DoS.diff
+# https://svn.apache.org/viewvc?view=revision&revision=1832487
+# CVE-2018-1333
+--- apache2.orig/modules/http2/h2_bucket_beam.c
+++ apache2/modules/http2/h2_bucket_beam.c
+@@ -550,6 +550,7 @@ static void recv_buffer_cleanup(h2_bucke
+         apr_brigade_destroy(bb);
+         if (bl) enter_yellow(beam, bl);
+         
+        apr_thread_cond_broadcast(beam->change);
+         if (beam->cons_ev_cb) { 
+             beam->cons_ev_cb(beam->cons_ctx, beam);
+         }
+@@ -707,12 +708,10 @@ void h2_beam_abort(h2_bucket_beam *beam)
+     h2_beam_lock bl;
+     
+     if (beam && enter_yellow(beam, &bl) == APR_SUCCESS) {
+-        if (!beam->aborted) {
+-            beam->aborted = 1;
+-            r_purge_sent(beam);
+-            h2_blist_cleanup(&beam->send_list);
+-            report_consumption(beam, &bl);
+-        }
+        beam->aborted = 1;
+        r_purge_sent(beam);
+        h2_blist_cleanup(&beam->send_list);
+        report_consumption(beam, &bl);
+         apr_thread_cond_broadcast(beam->change);
+         leave_yellow(beam, &bl);
+     }
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,3 +28,4 @@ mod_http2-upgrade-to-2.4.33.diff
 mod_http2-revert-new-proxy-features.diff
 mod_http2_mem_usage_32bit.diff
 fcgi_crash.diff
+CVE-2018-1333-mod_http2_DoS.diff