diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-15 14:33:33 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-08-18 16:09:28 -0700 |
commit | 4e782c9deb03b58923f22e930ba1c5a778fbe4a5 (patch) | |
tree | 236846c70c9b1d3fe82d71d57fb2b8d9eb147d48 | |
parent | 27b7656cac8e03e321fbdd83053ea7819af4e029 (diff) | |
download | android-node-v8-4e782c9deb03b58923f22e930ba1c5a778fbe4a5.tar.gz android-node-v8-4e782c9deb03b58923f22e930ba1c5a778fbe4a5.tar.bz2 android-node-v8-4e782c9deb03b58923f22e930ba1c5a778fbe4a5.zip |
http2: remove security revert flags
As the comment in `node_revert.h` indicates, the master branch should
not provide security revert flags.
Refs: https://github.com/nodejs/node/pull/29122
PR-URL: https://github.com/nodejs/node/pull/29141
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
-rw-r--r-- | src/node_http2.cc | 18 | ||||
-rw-r--r-- | src/node_revert.h | 6 |
2 files changed, 4 insertions, 20 deletions
diff --git a/src/node_http2.cc b/src/node_http2.cc index 485d54880b..1065a940f5 100644 --- a/src/node_http2.cc +++ b/src/node_http2.cc @@ -151,9 +151,6 @@ Http2Options::Http2Options(Environment* env, nghttp2_session_type type) { buffer[IDX_OPTIONS_PEER_MAX_CONCURRENT_STREAMS]); } - if (IsReverted(SECURITY_REVERT_CVE_2019_9512)) - nghttp2_option_set_max_outbound_ack(options_, 10000); - // The padding strategy sets the mechanism by which we determine how much // additional frame padding to apply to DATA and HEADERS frames. Currently // this is set on a per-session basis, but eventually we may switch to @@ -919,10 +916,8 @@ int Http2Session::OnBeginHeadersCallback(nghttp2_session* handle, if (UNLIKELY(!session->CanAddStream() || Http2Stream::New(session, id, frame->headers.cat) == nullptr)) { - if (session->rejected_stream_count_++ > 100 && - !IsReverted(SECURITY_REVERT_CVE_2019_9514)) { + if (session->rejected_stream_count_++ > 100) return NGHTTP2_ERR_CALLBACK_FAILURE; - } // Too many concurrent streams being opened nghttp2_submit_rst_stream(**session, NGHTTP2_FLAG_NONE, id, NGHTTP2_ENHANCE_YOUR_CALM); @@ -1013,10 +1008,8 @@ int Http2Session::OnInvalidFrame(nghttp2_session* handle, Http2Session* session = static_cast<Http2Session*>(user_data); Debug(session, "invalid frame received, code: %d", lib_error_code); - if (session->invalid_frame_count_++ > 1000 && - !IsReverted(SECURITY_REVERT_CVE_2019_9514)) { + if (session->invalid_frame_count_++ > 1000) return 1; - } // If the error is fatal or if error code is ERR_STREAM_CLOSED... emit error if (nghttp2_is_fatal(lib_error_code) || @@ -1383,8 +1376,7 @@ int Http2Session::HandleDataFrame(const nghttp2_frame* frame) { if (!stream->IsDestroyed() && frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { stream->EmitRead(UV_EOF); - } else if (frame->hd.length == 0 && - !IsReverted(SECURITY_REVERT_CVE_2019_9518)) { + } else if (frame->hd.length == 0) { return 1; // Consider 0-length frame without END_STREAM an error. } return 0; @@ -2269,9 +2261,7 @@ bool Http2Stream::AddHeader(nghttp2_rcbuf* name, if (this->statistics_.first_header == 0) this->statistics_.first_header = uv_hrtime(); size_t name_len = nghttp2_rcbuf_get_buf(name).len; - if (name_len == 0 && !IsReverted(SECURITY_REVERT_CVE_2019_9516)) { - return true; // Ignore headers with empty names. - } + if (name_len == 0) return true; // Ignore headers with empty names. size_t value_len = nghttp2_rcbuf_get_buf(value).len; size_t length = name_len + value_len + 32; // A header can only be added if we have not exceeded the maximum number diff --git a/src/node_revert.h b/src/node_revert.h index 66161c9c9b..0f0c32412e 100644 --- a/src/node_revert.h +++ b/src/node_revert.h @@ -16,13 +16,7 @@ namespace node { #define SECURITY_REVERSIONS(XX) \ - XX(CVE_2019_9512, "CVE-2019-9512", "HTTP/2 Ping/Settings Flood") \ - XX(CVE_2019_9514, "CVE-2019-9514", "HTTP/2 Reset Flood") \ - XX(CVE_2019_9516, "CVE-2019-9516", "HTTP/2 0-Length Headers Leak") \ - XX(CVE_2019_9518, "CVE-2019-9518", "HTTP/2 Empty DATA Frame Flooding") \ // XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") - // TODO(addaleax): Remove all of the above before Node.js 13 as the comment - // at the start of the file indicates. enum reversion { #define V(code, ...) SECURITY_REVERT_##code, |