首页 开源 资讯 活动 开源许可证
软件工程云服务
软件代码质量检测云服务 持续集成与部署云服务 社区个性化内容推荐服务 贡献审阅人推荐服务 群体化学习服务 重睛鸟代码扫描工具
Watch 1 Star 0 Fork 63

归终的鹤望兰/curl

forked from src-openEuler/curl 
代码 Issues 0 Pull Requests 0 Wiki 0 统计
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
项目仓库所选许可证以仓库主分支所使用许可证为准
克隆/下载
backport-CVE-2024-2398.patch 3.25 KB
一键复制 编辑 原始数据 按行查看 历史
sherlock2010 提交于 2024-04-01 07:40 . fix CVE-2024-2004 CVE-2024-2398
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596
From deca8039991886a559b67bcd6701db800a5cf764 Mon Sep 17 00:00:00 2001

From: Stefan Eissing <stefan@eissing.org>

Date: Wed, 6 Mar 2024 09:36:08 +0100

Subject: [PATCH] http2: push headers better cleanup



- provide common cleanup method for push headers



Closes #13054



Conflict:struct h2_stream_ctx *stream => struct stream_ctx *stream

Context adapt

Reference:https://github.com/curl/curl/commit/deca8039991886a559b67bcd6701db800a5cf764

---

 lib/http2.c | 34 +++++++++++++++-------------------

 1 file changed, 15 insertions(+), 19 deletions(-)



diff --git a/lib/http2.c b/lib/http2.c

index c63ecd383..96868728a 100644

--- a/lib/http2.c

+++ b/lib/http2.c

@@ -271,6 +271,15 @@ static CURLcode http2_data_setup(struct Curl_cfilter *cf,

   return CURLE_OK;

 }

 

+static void free_push_headers(struct stream_ctx *stream)

+{

+  size_t i;

+  for(i = 0; i<stream->push_headers_used; i++)

+    free(stream->push_headers[i]);

+  Curl_safefree(stream->push_headers);

+  stream->push_headers_used = 0;

+}

+

 static void http2_data_done(struct Curl_cfilter *cf,

                             struct Curl_easy *data, bool premature)

 {

@@ -306,15 +315,7 @@ static void http2_data_done(struct Curl_cfilter *cf,

   Curl_bufq_free(&stream->recvbuf);

   Curl_h1_req_parse_free(&stream->h1);

   Curl_dynhds_free(&stream->resp_trailers);

-  if(stream->push_headers) {

-    /* if they weren't used and then freed before */

-    for(; stream->push_headers_used > 0; --stream->push_headers_used) {

-      free(stream->push_headers[stream->push_headers_used - 1]);

-    }

-    free(stream->push_headers);

-    stream->push_headers = NULL;

-  }

-

+  free_push_headers(stream);

   free(stream);

   H2_STREAM_LCTX(data) = NULL;

 }

@@ -860,7 +861,6 @@ static int push_promise(struct Curl_cfilter *cf,

     struct curl_pushheaders heads;

     CURLMcode rc;

     CURLcode result;

-    size_t i;

     /* clone the parent */

     struct Curl_easy *newhandle = h2_duphandle(cf, data);

     if(!newhandle) {

@@ -905,11 +905,7 @@ static int push_promise(struct Curl_cfilter *cf,

     Curl_set_in_callback(data, false);

 

     /* free the headers again */

-    for(i = 0; i<stream->push_headers_used; i++)

-      free(stream->push_headers[i]);

-    free(stream->push_headers);

-    stream->push_headers = NULL;

-    stream->push_headers_used = 0;

+    free_push_headers(stream);

 

     if(rv) {

       DEBUGASSERT((rv > CURL_PUSH_OK) && (rv <= CURL_PUSH_ERROROUT));

@@ -1430,14 +1426,14 @@ static int on_header(nghttp2_session *session, const nghttp2_frame *frame,

       if(stream->push_headers_alloc > 1000) {

         /* this is beyond crazy many headers, bail out */

         failf(data_s, "Too many PUSH_PROMISE headers");

-        Curl_safefree(stream->push_headers);

+        free_push_headers(stream);

         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;

       }

       stream->push_headers_alloc *= 2;

-      headp = Curl_saferealloc(stream->push_headers,

-                               stream->push_headers_alloc * sizeof(char *));

+      headp = realloc(stream->push_headers,

+                      stream->push_headers_alloc * sizeof(char *));

       if(!headp) {

-        stream->push_headers = NULL;

+        free_push_headers(stream);

         return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE;

       }

       stream->push_headers = headp;

-- 

2.33.0
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化