http2: fix underflow in http2 server push #197

mauri870 · 2023-10-15T23:58:02Z

After CL 534215 was merged to fix a CVE it introduced
an underflow when we try to decrement sc.curHandlers
in handlerDone.

The func startPush calls runHandler without incrementing
curHandlers. Seems to only affect users of http.Pusher.

For golang/go#63511

After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. There is one place that calls runHandler without incrementing curHandlers. Seems to only affect http.Pusher. For golang/go#63511

gopherbot · 2023-10-16T00:08:11Z

This PR (HEAD: 249fe55) has been imported to Gerrit for code review.

Please visit Gerrit at https://go-review.googlesource.com/c/net/+/535595.

Important tips:

Don't comment on this PR. All discussion takes place in Gerrit.
You need a Gmail or other Google account to log in to Gerrit.
To change your code in response to feedback:
- Push a new commit to the branch used by your GitHub PR.
- A new "patch set" will then appear in Gerrit.
- Respond to each comment by marking as Done in Gerrit if implemented as suggested. You can alternatively write a reply.
- Critical: you must click the blue Reply button near the top to publish your Gerrit responses.
- Multiple commits in the PR will be squashed by GerritBot.
The title and description of the GitHub PR are used to construct the final commit message.
- Edit these as needed via the GitHub web interface (not via Gerrit or git).
- You should word wrap the PR description at ~76 characters unless you need longer lines (e.g., for tables or URLs).
See the Sending a change via GitHub and Reviews sections of the Contribution Guide as well as the FAQ for details.

gopherbot · 2023-10-16T00:29:19Z

Message from Mauri de Souza Meneguzzo:

Patch Set 2: Run-TryBot+1

Please don’t reply on this GitHub thread. Visit golang.org/cl/535595.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2023-10-16T00:36:17Z

Message from Gopher Robot:

Patch Set 2:

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/535595.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2023-10-16T00:36:18Z

Message from Gopher Robot:

Patch Set 2: TryBot-Result+1

(1 comment)

Please don’t reply on this GitHub thread. Visit golang.org/cl/535595.
After addressing review feedback, remember to publish your drafts!

gopherbot · 2023-10-20T15:04:15Z

Message from Dmitri Shuralyov:

Patch Set 2: Code-Review+1

Please don’t reply on this GitHub thread. Visit golang.org/cl/535595.
After addressing review feedback, remember to publish your drafts!

After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Mauri de Souza Meneguzzo <[email protected]>

gopherbot · 2023-10-23T20:46:16Z

This PR is being closed because golang.org/cl/535595 has been merged.

…push After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 For golang/go#63740 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Mauri de Souza Meneguzzo <[email protected]> (cherry picked from commit 37479d6) Reviewed-on: https://go-review.googlesource.com/c/net/+/537956 Reviewed-by: Dmitri Shuralyov <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>

…push After CL 534215 was merged to fix a CVE it introduced an underflow when we try to decrement sc.curHandlers in handlerDone. The func startPush calls runHandler without incrementing curHandlers. Seems to only affect users of http.Pusher. For golang/go#63511 For golang/go#63560 Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320 GitHub-Last-Rev: 249fe55 GitHub-Pull-Request: #197 Reviewed-on: https://go-review.googlesource.com/c/net/+/535595 Reviewed-by: Damien Neil <[email protected]> Reviewed-by: Dmitri Shuralyov <[email protected]> TryBot-Result: Gopher Robot <[email protected]> Run-TryBot: Mauri de Souza Meneguzzo <[email protected]> (cherry picked from commit 37479d6) Reviewed-on: https://go-review.googlesource.com/c/net/+/537957 Reviewed-by: Dmitri Shuralyov <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]> Auto-Submit: Dmitri Shuralyov <[email protected]>

gopherbot closed this Oct 23, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

http2: fix underflow in http2 server push #197

http2: fix underflow in http2 server push #197

mauri870 commented Oct 15, 2023 •

edited

Loading

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 20, 2023

gopherbot commented Oct 23, 2023

http2: fix underflow in http2 server push #197

http2: fix underflow in http2 server push #197

Conversation

mauri870 commented Oct 15, 2023 • edited Loading

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 16, 2023

gopherbot commented Oct 20, 2023

gopherbot commented Oct 23, 2023

mauri870 commented Oct 15, 2023 •

edited

Loading