Origin: https://github.com/apache/trafficserver/commit/
b82a3d192f995fb9d78e1c44d51d9acca4783277
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27577
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32565
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32566
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-32567
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-35474
Bug-Debian: https://bugs.debian.org/990303
* Strip the url fragment for outgoing requests (#7966)
Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit
2b13eb33794574e62249997b4ba654d943a10f2d)
* Ensure that the content-length value is only digits (#7964)
Co-authored-by: Susan Hinrichs <shinrich@verizonmedia.com>
(cherry picked from commit
668d0f8668fec1cd350b0ceba3f7f8e4020ae3ca)
* Schedule H2 reenable event only if it's necessary
Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
* Fix dynamic-stack-buffer-overflow of cachekey plugin (#7945)
* Fix dynamic-stack-buffer-overflow of cachekey plugin
* Check dst_size include null termination
(cherry picked from commit
5a9339d7bc65e1c2d8d2a0fc80bb051daf3cdb0b)
Co-authored-by: Bryan Call <bcall@apache.org>
Co-authored-by: Masakazu Kitajo <maskit@apache.org>
Co-authored-by: Katsutoshi Ikenoya <kikenoya@yahoo-corp.jp>
Co-authored-by: Masaori Koshiba <masaori@apache.org>
Gbp-Pq: Name 0018-Fixes-7971.patch
return;
}
- char tmp[len * 2];
+ char tmp[len * 3 + 1];
size_t written;
/* The default table does not encode the comma, so we need to use our own table here. */
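Review bot: `tmp` is still a variable-length array on the stack, so its size is driven by `len`, which presumably derives from request data. The new `len * 3 + 1` covers worst-case percent-encoding plus the terminator, but it also triples the stack use for a long input. Whether `len` is bounded before this point is not visible, because the function starts above the hunk. A heap-backed buffer such as `std::vector<char> tmp(len * 3 + 1);`, with `tmp.data()` and `tmp.size()` passed to the encoder, would remove the stack-exhaustion risk and the reliance on a compiler extension.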
int content_length_len = 0;
const char *content_length_val = content_length_field->value_get(&content_length_len);
+ // RFC 7230 section 3.3.2
+ // Content-Length = 1*DIGIT
+ //
+ // If the content-length value contains a non-numeric value, the header is invalid
+ for (int i = 0; i < content_length_len; i++) {
+ if (!isdigit(content_length_val[i])) {
+ Debug("http", "Content-Length value contains non-digit, returning parse error");
+ return PARSE_RESULT_ERROR;
+ }
+ }
+
while (content_length_field->has_dups()) {
int content_length_len_2 = 0;
const char *content_length_val_2 = content_length_field->m_next_dup->value_get(&content_length_len_2);
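Review bot: `isdigit(content_length_val[i])` passes a plain `char` taken from an untrusted header, and a byte of 0x80 or above is negative where `char` is signed, which is undefined behaviour for the `<cctype>` functions. The call should be `isdigit(static_cast<unsigned char>(content_length_val[i]))`. The loop also accepts an empty value, because it never runs when `content_length_len` is 0, while the quoted grammar `1*DIGIT` requires at least one digit. If nothing outside the hunk rejects that case, add `if (content_length_len == 0) return PARSE_RESULT_ERROR;` before the loop. The enclosing function starts and ends outside the hunk.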
// HttpTransactHeaders::convert_request(outgoing_version, outgoing_request); // commented out this idea
+ URL *url = outgoing_request->url_get();
+ // Remove fragment from upstream URL
+ url->fragment_set(NULL, 0);
+
// Check whether a Host header field is missing from a 1.0 or 1.1 request.
if (outgoing_version != HTTPVersion(0, 9) && !outgoing_request->presence(MIME_PRESENCE_HOST)) {
- URL *url = outgoing_request->url_get();
int host_len;
const char *host = url->host_get(&host_len);
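Review bot: The new comment `// Remove fragment from upstream URL` says what the line does but not why it matters. Something like `// A request-target has no fragment component (RFC 7230 section 5.3); drop it so the origin sees the same URL the proxy evaluated` would keep the call from being removed later as redundant. `url->fragment_set(NULL, 0);` should use `nullptr`, as the other hunks of this patch do. `url` is now dereferenced for every outgoing request rather than only when the Host header is missing, so this relies on `url_get()` never returning null here, which cannot be confirmed from the hunk.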
void
Http2ClientSession::free()
{
- if (this->_reenable_event) {
- this->_reenable_event->cancel();
- this->_reenable_event = nullptr;
- }
-
if (h2_pushed_urls) {
this->h2_pushed_urls = ink_hash_table_destroy(this->h2_pushed_urls);
}
REMEMBER(NO_EVENT, this->recursion)
Http2SsnDebug("session free");
+ if (this->_reenable_event) {
+ this->_reenable_event->cancel();
+ this->_reenable_event = nullptr;
+ }
+
// Don't free active ProxySession
ink_release_assert(is_active() == false);
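Review bot: The cancellation of `_reenable_event` now sits after the `REMEMBER`/`Http2SsnDebug` lines with no comment on why its position matters, and the code between the old and new locations in `free()` is not visible here. If `free()` can return early before reaching this point, the event stays scheduled against the session, so its handler has to tolerate a session that is waiting to be freed. A short comment such as `// Cancel only once the session is actually being torn down; an earlier return leaves the event pending on purpose` would record that intent, assuming that is the intent.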
bool
Http2ClientSession::_should_do_something_else()
{
- // Do something else every 128 incoming frames
- return (this->_n_frame_read & 0x7F) == 0;
+ // Do something else every 128 incoming frames if connection state isn't closed
+ return (this->_n_frame_read & 0x7F) == 0 && !connection_state.is_state_closed();
}
int64_t
//
size_t out_len = len_in + 2 * count;
- if (dst && out_len > dst_size) {
+ if (dst && (out_len + 1) > dst_size) {
*len_out = 0;
return nullptr;
}
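Review bot: `(out_len + 1) > dst_size` carries the terminator requirement only implicitly and wraps to 0 if `out_len` is `SIZE_MAX`; `if (dst && out_len >= dst_size) {` expresses the same bound without the addition. `out_len = len_in + 2 * count` on the line above is also unchecked, though if `count` never exceeds `len_in` (the counting loop is outside the hunk) it overflows only for inputs far larger than a URL. A comment like `// dst must hold out_len bytes plus the terminating NUL` would make the contract explicit for callers that size their own buffer, as the `len * 3 + 1` change in this patch presumably does. The function starts and ends outside the hunk.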