Emmanuel Bourg pushed to branch bullseye at Debian Java Maintainers / tomcat9
Commits: f5320201 by Emmanuel Bourg at 2023-10-12T17:33:12+02:00 Fixed the HTTP/2 overhead protection triggered on data frames - - - - - 2 changed files: - debian/changelog - debian/patches/CVE-2023-44487.patch Changes: ===================================== debian/changelog ===================================== @@ -1,3 +1,9 @@ +tomcat9 (9.0.43-2~deb11u8) bullseye-security; urgency=high + + * Fixed the HTTP/2 overhead protection triggered on data frames + + -- Emmanuel Bourg <[email protected]> Thu, 12 Oct 2023 17:32:21 +0200 + tomcat9 (9.0.43-2~deb11u7) bullseye-security; urgency=high * Fix CVE-2023-45648: Request smuggling. Tomcat did not correctly parse HTTP ===================================== debian/patches/CVE-2023-44487.patch ===================================== @@ -2,6 +2,7 @@ Description: Improvements to HTTP/2 overhead protection. Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2e8da4daa23f1135c83 https://github.com/apache/tomcat/commit/94480483910f2d19561e88fb194d7b415bb527da https://github.com/apache/tomcat/commit/3f0efca913b09fa3a3d9c246cc29045ac8a2befe + https://github.com/apache/tomcat/commit/c551ecaa1ba4ffe50a67009a9c94efb03439ae8b https://github.com/apache/tomcat/commit/6d1a9fd6642387969e4410b9989c85856b74917a --- a/java/org/apache/coyote/http2/Http2Protocol.java +++ b/java/org/apache/coyote/http2/Http2Protocol.java @@ -77,7 +78,7 @@ Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2 - private void reduceOverheadCount() { - overheadCount.decrementAndGet(); -+ private void reduceOverheadCount(FrameType frameType) { ++ void reduceOverheadCount(FrameType frameType) { + // A non-overhead frame reduces the overhead count by + // Http2Protocol.DEFAULT_OVERHEAD_REDUCTION_FACTOR. A simple browser + // request is likely to have one non-overhead frame (HEADERS) and one 
@@ -292,3 +293,15 @@ Origin: backport, https://github.com/apache/tomcat/commit/30cae120a61f075b1712f2 <attribute name="overheadDataThreshold" required="false"> <p>The threshold below which the average payload size of the current and previous non-final <code>DATA</code> frames will trigger an increase in +--- a/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java ++++ b/java/org/apache/coyote/http2/Http2AsyncUpgradeHandler.java +@@ -203,6 +203,9 @@ + log.debug(sm.getString("upgradeHandler.writeBody", connectionId, stream.getIdAsString(), + Integer.toString(len), Boolean.valueOf(finished))); + } ++ ++ reduceOverheadCount(FrameType.DATA); ++ + // Need to check this now since sending end of stream will change this. + boolean writeable = stream.canWrite(); + byte[] header = new byte[9]; View it on GitLab: https://salsa.debian.org/java-team/tomcat9/-/commit/f532020119a5400255f30d7654f9ec594d8991d8
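Review bot: the changelog entry for 9.0.43-2~deb11u8 does not name the CVE it follows up on, although the only changed patch is debian/patches/CVE-2023-44487.patch; the security tracker and users search the changelog by CVE id, so consider wording it as `* Fixed the HTTP/2 overhead protection triggered on data frames (follow-up to the CVE-2023-44487 fix, upstream commit c551ecaa)` so the entry links back to the original advisory and the backported upstream commit.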
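Review bot: the `@@ -2,6 +2,7 @@` hunk adds upstream commit c551ecaa1ba4ffe50a67009a9c94efb03439ae8b to the DEP-3 Origin list but leaves the Description at "Improvements to HTTP/2 overhead protection", so a later reader cannot tell which of the five listed commits this revision of the patch picked up or why; one added sentence in the Description (the data-frame overhead accounting that was missing from the async upgrade handler) would record that.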
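Review bot: the `@@ -77,7 +78,7 @@` hunk widens `reduceOverheadCount(FrameType frameType)` in Http2Protocol.java from `private` to package-private with no comment saying why; the reason is the new caller in Http2AsyncUpgradeHandler further down the patch, which a reader of Http2Protocol.java alone cannot see. A one-line comment above the method, such as `// Package private: also called by the upgrade handlers when a DATA frame is written`, would document the widened visibility and discourage future callers from widening it further.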
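Review bot: in the added Http2AsyncUpgradeHandler hunk, `reduceOverheadCount(FrameType.DATA)` is called before the `stream.canWrite()` check and before the frame header is built, so the overhead counter is credited for a DATA frame even when the write is subsequently refused; whether this mirrors the synchronous handler cannot be judged from this diff, since the debug log statement above and `byte[] header = new byte[9];` below are the only context lines. Please confirm the placement matches the backported upstream commit c551ecaa1ba4ffe50a67009a9c94efb03439ae8b named in the Origin header, and add a short comment at the call site stating that a server-sent DATA frame counts as a non-overhead frame, so the next person touching writeBody does not move or drop the call.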
_______________________________________________ pkg-java-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits

