bugfix: applied the patch for security advisory to NGINX cores < 1.14.1 and < 1.15.6 (CVE-2018-16843 CVE-2018-16844).

pull/524/head
Thibault Charbonnier 5 years ago committed by Thibault Charbonnier
parent d5f48a8b75
commit 80ba3892c6

@ -0,0 +1,81 @@
--- src/http/v2/ngx_http_v2.c
+++ src/http/v2/ngx_http_v2.c
@@ -662,6 +662,7 @@ ngx_http_v2_handle_connection(ngx_http_v2_connection_t *h2c)
h2c->pool = NULL;
h2c->free_frames = NULL;
+ h2c->frames = 0;
h2c->free_fake_connections = NULL;
#if (NGX_HTTP_SSL)
@@ -2895,7 +2896,7 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length,
frame->blocked = 0;
- } else {
+ } else if (h2c->frames < 10000) {
pool = h2c->pool ? h2c->pool : h2c->connection->pool;
frame = ngx_pcalloc(pool, sizeof(ngx_http_v2_out_frame_t));
@@ -2919,6 +2920,15 @@ ngx_http_v2_get_frame(ngx_http_v2_connection_t *h2c, size_t length,
frame->last = frame->first;
frame->handler = ngx_http_v2_frame_handler;
+
+ h2c->frames++;
+
+ } else {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "http2 flood detected");
+
+ h2c->connection->error = 1;
+ return NULL;
}
#if (NGX_DEBUG)
--- src/http/v2/ngx_http_v2.h
+++ src/http/v2/ngx_http_v2.h
@@ -120,6 +120,7 @@ struct ngx_http_v2_connection_s {
ngx_http_connection_t *http_connection;
ngx_uint_t processing;
+ ngx_uint_t frames;
ngx_uint_t pushing;
ngx_uint_t concurrent_pushes;
--- src/http/v2/ngx_http_v2.c
+++ src/http/v2/ngx_http_v2.c
@@ -4511,12 +4511,19 @@ ngx_http_v2_idle_handler(ngx_event_t *rev)
#endif
- c->destroyed = 0;
- ngx_reusable_connection(c, 0);
-
h2scf = ngx_http_get_module_srv_conf(h2c->http_connection->conf_ctx,
ngx_http_v2_module);
+ if (h2c->idle++ > 10 * h2scf->max_requests) {
+ ngx_log_error(NGX_LOG_INFO, h2c->connection->log, 0,
+ "http2 flood detected");
+ ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_NO_ERROR);
+ return;
+ }
+
+ c->destroyed = 0;
+ ngx_reusable_connection(c, 0);
+
h2c->pool = ngx_create_pool(h2scf->pool_size, h2c->connection->log);
if (h2c->pool == NULL) {
ngx_http_v2_finalize_connection(h2c, NGX_HTTP_V2_INTERNAL_ERROR);
--- src/http/v2/ngx_http_v2.h
+++ src/http/v2/ngx_http_v2.h
@@ -121,6 +121,7 @@ struct ngx_http_v2_connection_s {
ngx_uint_t processing;
ngx_uint_t frames;
+ ngx_uint_t idle;
ngx_uint_t pushing;
ngx_uint_t concurrent_pushes;

@ -404,6 +404,23 @@ if [ "$main_ver" = "1.13.6" ]; then
echo echo
fi fi
answer=`$root/util/ver-ge "$main_ver" 1.9.5`
if [ "$answer" = "Y" ]; then
answer=`$root/util/ver-ge "$main_ver" 1.14.1`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16843 CVE-2018-16844)"
patch -p0 < $root/patches/patch.2018.h2.txt || exit 1
echo
else
answer=`$root/util/ver-ge "$main_ver" 1.15.6`
if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16843 CVE-2018-16844)"
patch -p0 < $root/patches/patch.2018.h2.txt || exit 1
echo
fi
fi
fi
answer=`$root/util/ver-ge "$main_ver" 1.14.1` answer=`$root/util/ver-ge "$main_ver" 1.14.1`
if [ "$answer" = "N" ]; then if [ "$answer" = "N" ]; then
echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)" echo "$info_txt applying the patch for nginx security advisory (CVE-2018-16845)"

Loading…
Cancel
Save