qbit/go
1
0
Fork 0
mirror of https://github.com/golang/go synced 2024-11-26 18:16:48 -07:00
Code Releases Activity

net/http: pull http2 underflow fix from x/net/http2

Browse Source 
After CL 534295 was merged to fix a CVE it introduced
an underflow when we try to decrement sc.curHandlers
in handlerDone.

Pull in a fix from x/net/http2:
http2: fix underflow in http2 server push
https://go-review.googlesource.com/c/net/+/535595

Fixes #63511

Change-Id: I5c678ce7dcc53635f3ad5e4999857cb120dfc1ab
GitHub-Last-Rev: 587ffa3caf
GitHub-Pull-Request: golang/go#63561
Reviewed-on: https://go-review.googlesource.com/c/go/+/535575
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
This commit is contained in:
Mauri de Souza Meneguzzo 2023-10-26 01:52:57 +00:00 committed by Gopher Robot
parent 1af424c196
commit 0046c1414c
4 changed files with 5 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/go.mod
View File

@ -4,7 +4,7 @@ go 1.22
require (
golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995
golang.org/x/net v0.17.1-0.20231011215812-d23d9bc54922
golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145
)
require (

4
src/go.sum
View File

@ -1,7 +1,7 @@
golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995 h1:fwu25/DhiXr/++jtzz2gHfC/FL/FimAGVxczaK4pjR8=
golang.org/x/crypto v0.14.1-0.20231011220222-8779cbd1c995/go.mod h1:aSyBXtGhRzSMdne9jbl3+PPMVS0IgOWF6Llc+HB5uUU=
golang.org/x/net v0.17.1-0.20231011215812-d23d9bc54922 h1:5dPkjItO/mhqL4dWOB/ERHdeNKAe0YXhUnCOLpn/nwI=
golang.org/x/net v0.17.1-0.20231011215812-d23d9bc54922/go.mod h1:ctp6Rq0w6YZwLQMXSCn4tot1uuoj9E9vKYJV26guPn4=
golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145 h1:b50rfQxeg+jm4ud87SAQt4escws56zdE+/rT1oKU4oU=
golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145/go.mod h1:ctp6Rq0w6YZwLQMXSCn4tot1uuoj9E9vKYJV26guPn4=
golang.org/x/sys v0.13.1-0.20231011215430-1bfbee0e20e3 h1:G9se7UpoI67yWrFY0IIFGf6H3nwLLUZFDBCyOJwWeSc=
golang.org/x/sys v0.13.1-0.20231011215430-1bfbee0e20e3/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/text v0.13.1-0.20231011215848-6c97a165dd66 h1:9Dyvhe9/DDm3upTpNNwowKgum0eUka4TBRU6uHiINKo=

1
src/net/http/h2_bundle.go
View File

@ -7004,6 +7004,7 @@ func (sc *http2serverConn) startPush(msg *http2startPushRequest) {
panic(fmt.Sprintf("newWriterAndRequestNoBody(%+v): %v", msg.url, err))
}
sc.curHandlers++
go sc.runHandler(rw, req, sc.handler.ServeHTTP)
return promisedID, nil
}

2
src/vendor/modules.txt vendored
View File

@ -7,7 +7,7 @@ golang.org/x/crypto/cryptobyte/asn1
golang.org/x/crypto/hkdf
golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/poly1305
# golang.org/x/net v0.17.1-0.20231011215812-d23d9bc54922
# golang.org/x/net v0.17.1-0.20231025180729-4c7a5b64f145
## explicit; go 1.18
golang.org/x/net/dns/dnsmessage
golang.org/x/net/http/httpguts