http2: fix double free due to handling of rst_stream with cancel code by kumarak · Pull Request #39423 · nodejs/node
added c++ labels
Jul 18, 2021
kumarak changed the title from "http2: fix double free due to handle of RST_STREAM" to "http2: fix double free due to handling of RST_STREAM with cancel code"
kumarak changed the title from "http2: fix double free due to handling of RST_STREAM with cancel code" to "http2: fix double free due to handling of rst_stream"
kumarak changed the title from "http2: fix double free due to handling of rst_stream" to "http2: fix double free due to handling of rst_stream with cancel code"
mcollina pushed a commit that referenced this pull request
Jul 20, 2021
targos pushed a commit that referenced this pull request
Jul 20, 2021
richardlau pushed a commit that referenced this pull request
Jul 23, 2021
richardlau pushed a commit that referenced this pull request
Jul 23, 2021
richardlau pushed a commit that referenced this pull request
Jul 27, 2021
richardlau pushed a commit that referenced this pull request
Jul 27, 2021
richardlau pushed a commit that referenced this pull request
Jul 28, 2021
BethGriggs pushed a commit that referenced this pull request
Jul 29, 2021
BethGriggs added a commit that referenced this pull request
Jul 29, 2021
This is a security release.
Notable Changes:
- CVE-2021-22930: Use after free on close http2 on stream canceling (High) [#39423](#39423)
- (SEMVER-MINOR) deps: update V8 to 9.2.230.21 (Michaël Zasso) [#39470](#39470)
- inspector: mark as stable (Gireesh Punathil) [#37748](#37748)
- (SEMVER-MINOR) perf_hooks: web performance timeline compliance (legendecas) [#39297](#39297)
- punycode: add pending deprecation (Antoine du Hamel) [#38444](#38444)
- (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out (hemanth.hm) [#34733](#34733)
PR-URL: #39534
BethGriggs added a commit that referenced this pull request
Jul 29, 2021
This is a security release.
Notable Changes:
- CVE-2021-22930: Use after free on close http2 on stream canceling (High) [#39423](#39423)
- (SEMVER-MINOR) deps: update V8 to 9.2.230.21 (Michaël Zasso) [#39470](#39470)
- inspector: mark as stable (Gireesh Punathil) [#37748](#37748)
- punycode: add pending deprecation (Antoine du Hamel) [#38444](#38444)
- (SEMVER-MINOR) repl: enable --experimental-repl-await /w opt-out (hemanth.hm) [#34733](#34733)
PR-URL: #39534
BethGriggs pushed a commit that referenced this pull request
Aug 6, 2021
The PR updates the handling of rst_stream frames and adds all streams to the pending list on receiving rst frames with the error code NGHTTP2_CANCEL. The changes will remove dependency on the stream state that may allow bypassing the checks in certain cases. I think a better solution is to delay streams in all cases if rst_stream is received for the cancel events. The rst_stream frames can be received for protocol/connection error as well; it should be handled immediately. Adding streams to the pending list in such cases may cause errors.
PR-URL: #39622
Refs: #39423
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
BethGriggs pushed a commit that referenced this pull request
Aug 6, 2021
foxxyz pushed a commit to foxxyz/node that referenced this pull request
Oct 18, 2021
PR-URL: nodejs#39423
Fixes: nodejs#38964
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
foxxyz pushed a commit to foxxyz/node that referenced this pull request
Oct 18, 2021
The PR updates the handling of rst_stream frames and adds all streams to the pending list on receiving rst frames with the error code NGHTTP2_CANCEL. The changes will remove dependency on the stream state that may allow bypassing the checks in certain cases. I think a better solution is to delay streams in all cases if rst_stream is received for the cancel events. The rst_stream frames can be received for protocol/connection error as well; it should be handled immediately. Adding streams to the pending list in such cases may cause errors.
CVE-ID: CVE-2021-22930
Refs: https://nvd.nist.gov/vuln/detail/CVE-2021-22930
PR-URL: nodejs#39622
Refs: nodejs#39423
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
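The policy the commit message above describes (defer teardown for every RST_STREAM carrying the cancel code, handle other error codes immediately) can be sketched as a toy model. This is an added example, not Node.js source: `Session`, `Stream` and all method names are hypothetical, and only the two error-code values are the real HTTP/2 ones.

```cpp
#include <cstdint>
#include <map>
#include <memory>
#include <set>

// Toy model of the policy in the commit message; not Node.js source.
// Session, Stream and the method names are hypothetical.
constexpr uint32_t kCancel = 0x8;         // value of NGHTTP2_CANCEL
constexpr uint32_t kProtocolError = 0x1;  // value of NGHTTP2_PROTOCOL_ERROR

struct Stream {
  explicit Stream(int* counter) : destroyed(counter) {}
  ~Stream() { ++*destroyed; }  // counts every teardown
  int* destroyed;
};

class Session {
 public:
  void Open(int32_t id) { streams_[id] = std::make_unique<Stream>(&destroyed_); }
  bool IsAlive(int32_t id) const { return streams_.count(id) != 0; }
  int destroyed() const { return destroyed_; }

  // Called for each RST_STREAM frame while a read is in progress.
  void OnRstStream(int32_t id, uint32_t code) {
    if (code == kCancel) {
      // Defer whatever the stream state is; a set absorbs repeated frames.
      pending_rst_.insert(id);
      return;
    }
    streams_.erase(id);  // protocol/connection errors: tear down immediately
    pending_rst_.erase(id);
  }
  // Called once the read has finished and no stream is in use.
  void FlushPending() {
    for (int32_t id : pending_rst_) streams_.erase(id);
    pending_rst_.clear();
  }

 private:
  int destroyed_ = 0;
  std::map<int32_t, std::unique_ptr<Stream>> streams_;
  std::set<int32_t> pending_rst_;
};

int main() {  // constructed frame sequence: two cancels for stream 1, one error
  Session s; s.Open(1); s.Open(3);
  s.OnRstStream(1, kCancel); s.OnRstStream(1, kCancel);
  s.OnRstStream(3, kProtocolError); s.FlushPending();
  return s.destroyed() == 2 ? 0 : 1;  // each stream torn down exactly once
}
```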
foxxyz pushed a commit to foxxyz/node that referenced this pull request
Oct 18, 2021
PR-URL: nodejs#39622
Refs: nodejs#39423
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>