File nghttp2-CVE-2024-28182-2.patch of Package nghttp2.33194
From 92f06389eb7d38d6e30da6996c3b702b2a006716 Mon Sep 17 00:00:00 2001
From: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com>
Date: Sat, 9 Mar 2024 16:48:10 +0900
Subject: [PATCH 2/2] Add nghttp2_option_set_max_continuations
---
doc/Makefile.am | 1 +
lib/includes/nghttp2/nghttp2.h | 11 +++++++++++
lib/nghttp2_option.c | 5 +++++
lib/nghttp2_option.h | 5 +++++
lib/nghttp2_session.c | 4 ++++
5 files changed, 26 insertions(+)
Index: nghttp2-1.40.0/lib/includes/nghttp2/nghttp2.h
===================================================================
--- nghttp2-1.40.0.orig/lib/includes/nghttp2/nghttp2.h
+++ nghttp2-1.40.0/lib/includes/nghttp2/nghttp2.h
@@ -2785,6 +2785,17 @@ nghttp2_option_set_stream_reset_rate_lim
/**
* @function
*
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame. If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed. The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+ size_t val);
+
+/**
+ * @function
+ *
* Like `nghttp2_session_server_new()`, but with additional options
* specified in the |option|.
*
Index: nghttp2-1.40.0/lib/nghttp2_option.c
===================================================================
--- nghttp2-1.40.0.orig/lib/nghttp2_option.c
+++ nghttp2-1.40.0/lib/nghttp2_option.c
@@ -133,3 +133,8 @@ void nghttp2_option_set_stream_reset_rat
option->stream_reset_burst = burst;
option->stream_reset_rate = rate;
}
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+ option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+ option->max_continuations = val;
+}
Index: nghttp2-1.40.0/lib/nghttp2_option.h
===================================================================
--- nghttp2-1.40.0.orig/lib/nghttp2_option.h
+++ nghttp2-1.40.0/lib/nghttp2_option.h
@@ -69,6 +69,7 @@ typedef enum {
NGHTTP2_OPT_MAX_OUTBOUND_ACK = 1 << 11,
NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15,
+ NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
} nghttp2_option_flag;
/**
@@ -97,6 +98,10 @@ struct nghttp2_option {
*/
size_t max_settings;
/**
+ * NGHTTP2_OPT_MAX_CONTINUATIONS
+ */
+ size_t max_continuations;
+ /**
* Bitwise OR of nghttp2_option_flag to determine that which fields
* are specified.
*/
Index: nghttp2-1.40.0/lib/nghttp2_session.c
===================================================================
--- nghttp2-1.40.0.orig/lib/nghttp2_session.c
+++ nghttp2-1.40.0/lib/nghttp2_session.c
@@ -539,6 +539,10 @@ static int session_new(nghttp2_session *
option->stream_reset_burst,
option->stream_reset_rate);
}
+
+ if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+ (*session_ptr)->max_continuations = option->max_continuations;
+ }
}
rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,