From: Jim Jagielski Date: Tue, 17 May 2022 18:19:36 +0000 (+0000) Subject: Merge r1900356 from trunk: X-Git-Tag: 2.4.54-rc1-candidate~60 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a7b9ab822f33c25f8ccfc7edf8c7b2e6725d7721;p=thirdparty%2Fapache%2Fhttpd.git Merge r1900356 from trunk: *) mod_http2: remove unused and insecure code. Fixes PR66037. Thanks to Ronald Crane (Zippenhop LLC) for reporting this. Submitted by: icing Reviewed by: jailletc36, icing, rpluem git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1901010 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/CHANGES b/CHANGES
index a8ef8240ef2..ff7a27f568d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.4.54
+ *) mod_http2: remove unused and insecure code. Fixes PR66037.
+ Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
+
 *) mod_http2: removing unscheduling of ongonig tasks when connection shows potential abuse by a client. This proved counter-productive and the abuse detection can false flag
diff --git a/STATUS b/STATUS
index 79b6c44bdf9..026bf94312c 100644
--- a/STATUS
+++ b/STATUS
@@ -148,12 +148,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
 [ start all new proposals below, under PATCHES PROPOSED. ]
- *) mod_http2: remove obsolete, insecure code. Fixes PR66037.
- trunk patches: https://svn.apache.org/r1900356
- 2.4.x patches: svn merge -c 1900356 ^/httpd/httpd/trunk .
- +1: jailletc36, icing, rpluem
- icing: I just waited to see what you think!
-
 *) core: make ap_escape_quotes() work correctly on strings with more than MAX_INT/2 characters, counting quotes double.
 trunk patch: https://svn.apache.org/r1899609
diff --git a/changes-entries/pr66037.txt b/changes-entries/pr66037.txt
new file mode 100644
index 00000000000..7262ff28c01
--- /dev/null
+++ b/changes-entries/pr66037.txt
@@ -0,0 +1,3 @@
+ *) mod_http2: remove unused and insecure code. Fixes PR66037.
+ Thanks to Ronald Crane (Zippenhop LLC) for reporting this.
+ [Stefan Eissing]
\ No newline at end of file
diff --git a/modules/http2/h2_util.c b/modules/http2/h2_util.c
index 9b2b3de9682..9f924045c9a 100644
--- a/modules/http2/h2_util.c
+++ b/modules/http2/h2_util.c
@@ -75,26 +75,6 @@ size_t h2_util_hex_dump(char *buffer, size_t maxlen,
 return strlen(buffer);
 }
-size_t h2_util_header_print(char *buffer, size_t maxlen,
- const char *name, size_t namelen,
- const char *value, size_t valuelen)
-{
- size_t offset = 0;
- size_t i;
- for (i = 0; i < namelen && offset < maxlen; ++i, ++offset) {
- buffer[offset] = name[i];
- }
- for (i = 0; i < 2 && offset < maxlen; ++i, ++offset) {
- buffer[offset] = ": "[i];
- }
- for (i = 0; i < valuelen && offset < maxlen; ++i, ++offset) {
- buffer[offset] = value[i];
- }
- buffer[offset] = '\0';
- return offset;
-}
-
-
 void h2_util_camel_case_header(char *s, size_t len)
 {
 size_t start = 1;
diff --git a/modules/http2/h2_util.h b/modules/http2/h2_util.h
index c96570e550b..5d4b299182c 100644
--- a/modules/http2/h2_util.h
+++ b/modules/http2/h2_util.h
@@ -28,10 +28,6 @@ struct nghttp2_frame;
 size_t h2_util_hex_dump(char *buffer, size_t maxlen,
 const char *data, size_t datalen);
-size_t h2_util_header_print(char *buffer, size_t maxlen,
- const char *name, size_t namelen,
- const char *value, size_t valuelen);
-
 void h2_util_camel_case_header(char *s, size_t len);
 int h2_util_frame_print(const nghttp2_frame *frame, char *buffer, size_t maxlen);