File tomcat-9.0.36-CVE-2024-24549.patch of Package tomcat.37354

Index: apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
===================================================================
--- apache-tomcat-9.0.36-src.orig/java/org/apache/coyote/http2/Http2Parser.java
+++ apache-tomcat-9.0.36-src/java/org/apache/coyote/http2/Http2Parser.java
@@ -270,6 +270,9 @@ class Http2Parser {
 
         swallow(streamId, padLength, true, buffer);
 
+        // Validate the headers so far
+        hpackDecoder.getHeaderEmitter().validateHeaders();
+
         if (Flags.isEndOfHeaders(flags)) {
             onHeadersComplete(streamId);
         } else {
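Review bot: The added `validateHeaders()` call can now throw a StreamException before END_HEADERS is seen, which skips the `else` branch that tracks the in-progress header block, so the state needed to keep reading the client's remaining CONTINUATION frames for this stream must already be in place, or the catch site must handle the mid-block case; otherwise those frames are parsed as fresh frames and the HPACK dynamic table desynchronises, turning a per-stream error into a COMPRESSION_ERROR for every later stream. Placing the call after `swallow(streamId, padLength, true, buffer)` is the right order, since the whole frame payload is consumed before anything is thrown. The enclosing method starts and ends outside the hunk, so I cannot see where the exception is caught; please confirm the frame-reading loop still consumes and HPACK-decodes the rest of the block. A comment at the call site would make the constraint explicit: `// May throw before END_HEADERS: the remaining CONTINUATION frames for this stream must still be read and decoded to keep the connection in sync`.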
@@ -437,6 +440,9 @@ class Http2Parser {
 
         readHeaderPayload(streamId, payloadSize, buffer);
 
+        // Validate the headers so far
+        hpackDecoder.getHeaderEmitter().validateHeaders();
+
         if (endOfHeaders) {
             headersCurrentStream = -1;
             onHeadersComplete(streamId);
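Review bot: When the added `validateHeaders()` call throws, `headersCurrentStream` is left pointing at this stream because the reset two lines below is never reached; if that is deliberate, so that the parser keeps treating further CONTINUATION frames as part of the still-open header block, it should say so, e.g. `// Validation may throw before END_HEADERS; headersCurrentStream intentionally stays set so the remaining CONTINUATION frames are still consumed`. If it is not deliberate, the next frame that is not a CONTINUATION for this stream would presumably be rejected, and the enclosing method starts outside the hunk, so I cannot see how the exception propagates. The backport also carries no test; a case that spreads an oversized header block across HEADERS plus several CONTINUATION frames and checks that the stream error is reported at the first offending frame would pin the behaviour the changelog describes.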
@@ -586,11 +592,6 @@ class Http2Parser {
                     Http2Error.COMPRESSION_ERROR);
         }
 
-        // Delay validation (and triggering any exception) until this point
-        // since all the headers still have to be read if a StreamException is
-        // going to be thrown.
-        hpackDecoder.getHeaderEmitter().validateHeaders();
-
         synchronized (output) {
             output.headersEnd(streamId);
 
Index: apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
===================================================================
--- apache-tomcat-9.0.36-src.orig/webapps/docs/changelog.xml
+++ apache-tomcat-9.0.36-src/webapps/docs/changelog.xml
@@ -165,6 +165,11 @@
         entire request body and the server is ready the request body using
         non-blocking I/O. (markt)
       </fix>
+      <fix>
+        Improve error reporting to HTTP/2 clients for header processing errors
+        by reporting problems at the end of the frame where the error was
+        detected rather than at the end of the headers. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Jasper">