-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[release-branch.go1.11] http2: don't leak streams on broken body #28
Open
386898917
wants to merge
4
commits into
master
Choose a base branch
from
release-branch.go1.11
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
+186
−22
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Updates golang/go#28673 Change-Id: I5d9a643f33d27d33b24f670c98f5a51aa6000967 GitHub-Last-Rev: 3ac4a57 GitHub-Pull-Request: #18 Reviewed-on: https://go-review.googlesource.com/c/132715 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> (cherry picked from commit 1c5f79c) Reviewed-on: https://go-review.googlesource.com/c/154237
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g. What to do if you already signed the CLAIndividual signers
Corporate signers
|
…r FreeBSD 386 emulation On 11.2-RELEASE or above FreeBSD kernels, the breakage of routing message alignment for 386 emulation (see COMPAT_FREEBSD32 in sys/net/rtsock.c) is fixed. This change makes packages in the x/net repository work regardless of the kernel fix. Updates golang/go#31221 Change-Id: Ie71cc7dfb842c66225f96d1fb0e8cc5de7c47015 Reviewed-on: https://go-review.googlesource.com/c/139577 Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org> (cherry picked from commit 68fc911) Reviewed-on: https://go-review.googlesource.com/c/net/+/170617 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org>
…ISTL test in 386 emulation (again) We are no longer able to use the kernel bug for detecting the execution of 386 emulation on 11.2-RELEASE or above kernels. This change uses a variable that holds the execution mode detected in init instead. Updates golang/go#31221 Change-Id: Ib6afdbc40ae1feb8caf040c64c4b01971efc6325 Reviewed-on: https://go-review.googlesource.com/c/139917 Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Ian Lance Taylor <iant@golang.org> (cherry picked from commit 146acd2) Reviewed-on: https://go-review.googlesource.com/c/net/+/170618 Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
…er send queue An attacker could cause servers to queue an unlimited number of PING ACKs or RST_STREAM frames by soliciting them and not reading them, until the program runs out of memory. Limit control frames in the queue to a few thousands (matching the limit imposed by other vendors) by counting as they enter and exit the scheduler, so the protection will work with any WriteScheduler. Once the limit is exceeded, close the connection, as we have no way to communicate with the peer. This addresses CVE-2019-9512 and CVE-2019-9514. Updates golang/go#33606 Change-Id: I842968fc6ed3eac654b497ade8cea86f7267886b Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/525552 Reviewed-by: Brad Fitzpatrick <bradfitz@google.com> (cherry picked from commit 589ad6cc5321fb68a90370348a241a5da0a2cc80) Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526070 Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updates golang/go#28673
Change-Id: I5d9a643f33d27d33b24f670c98f5a51aa6000967
GitHub-Last-Rev: 3ac4a57
GitHub-Pull-Request: #18
Reviewed-on: https://go-review.googlesource.com/c/132715
Run-TryBot: Brad Fitzpatrick bradfitz@golang.org
TryBot-Result: Gobot Gobot gobot@golang.org
Reviewed-by: Brad Fitzpatrick bradfitz@golang.org
(cherry picked from commit 1c5f79c)
Reviewed-on: https://go-review.googlesource.com/c/154237