[Git][java-team/tomcat9][bullseye] Fixed the HTTP/2 overhead protection triggered on data frames
Emmanuel Bourg (@ebourg)
gitlab at salsa.debian.org
Thu Oct 12 16:33:26 BST 2023
Emmanuel Bourg pushed to branch bullseye at Debian Java Maintainers / tomcat9
Commits:
f5320201 by Emmanuel Bourg at 2023-10-12T17:33:12+02:00
Fixed the HTTP/2 overhead protection triggered on data frames
- - - - -
2 changed files:
- debian/changelog
- debian/patches/CVE-2023-44487.patch
Changes:
=====================================
debian/changelog
=====================================
@@ -1,3 +1,9 @@
+tomcat9 (9.0.43-2~deb11u8) bullseye-security; urgency=high
+
+ * Fixed the HTTP/2 overhead protection triggered on data frames
+
+ -- Emmanuel Bourg <ebourg at apache.org> Thu, 12 Oct 2023 17:32:21 +0200
+
tomcat9 (9.0.43-2~deb11u7) bullseye-security; urgency=high
* Fix CVE-2023-45648: Request smuggling. Tomcat did not correctly parse HTTP
=====================================
debian/patches/CVE-2023-44487.patch
=====================================
@@ -2,6 +2,7 @@ Description: Improvements to HTTP/2 overhead protection.
Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2e8da4daa23f1135c83
https://github.com/apache/tomcat/commit/94480483910f2d19561e88fb194d7b415bb527da
https://github.com/apache/tomcat/commit/3f0efca913b09fa3a3d9c246cc29045ac8a2befe
+ https://github.com/apache/tomcat/commit/c551ecaa1ba4ffe50a67009a9c94efb03439ae8b
https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a
--- a/java/org/apache/coyote/http2/Http2Protocol.java
+++ b/java/org/apache/coyote/http2/Http2Protocol.java
@@ -77,7 +78,7 @@ Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2
- private void reduceOverheadCount() {
- overheadCount.decrementAndGet();
-+ private void reduceOverheadCount(FrameType frameType) {
++ void reduceOverheadCount(FrameType frameType) {
+ // A non-overhead frame reduces the overhead count by
+ // Http2Protocol.DEFAULT_OVERHEAD_REDUCTION_FACTOR. A simple browser
+ // request is likely to have one non-overhead frame (HEADERS) and one
@@ -292,3 +293,15 @@ Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2
<attribute name="overheadDataThreshold" required="false">
<p>The threshold below which the average payload size of the current and
previous non-final <code>DATA</code> frames will trigger an increase in
+--- a/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
++++ b/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java
+@@ -203,6 +203,9 @@
+ log.debug(sm.getString("upgradeHandler.writeBody", connectionId, stream.getIdAsString(),
+ Integer.toString(len), Boolean.valueOf(finished)));
+ }
++
++ reduceOverheadCount(FrameType.DATA);
++
+ // Need to check this now since sending end of stream will change this.
+ boolean writeable = stream.canWrite();
+ byte[] header = new byte[9];
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/f532020119a5400255f30d7654f9ec594d8991d8
--
View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/f532020119a5400255f30d7654f9ec594d8991d8
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20231012/d2106b80/attachment.htm>
More information about the pkg-java-commits
mailing list