[release-branch.go1.11] http2: don't leak streams on broken body #28

Open, wants to merge 4 commits into base: master

386898917

Updates golang/go#28673

Change-Id: I5d9a643f33d27d33b24f670c98f5a51aa6000967
GitHub-Last-Rev: 3ac4a57
GitHub-Pull-Request: #18
Reviewed-on: https://go-review.googlesource.com/c/132715
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 1c5f79c)
Reviewed-on: https://go-review.googlesource.com/c/154237

@googlebot

Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

📝 Please visit https://cla.developers.google.com/ to sign.

Once you've signed (or fixed any issues), please reply here (e.g. I signed it!) and we'll verify it.


What to do if you already signed the CLA

Individual signers
Corporate signers

cixtor and others added 3 commits April 3, 2019 17:05
…r FreeBSD 386 emulation

On 11.2-RELEASE or above FreeBSD kernels, the breakage of routing
message alignment for 386 emulation (see COMPAT_FREEBSD32 in
sys/net/rtsock.c) is fixed. This change makes packages in the x/net
repository work regardless of the kernel fix.

Updates golang/go#31221

Change-Id: Ie71cc7dfb842c66225f96d1fb0e8cc5de7c47015
Reviewed-on: https://go-review.googlesource.com/c/139577
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
(cherry picked from commit 68fc911)
Reviewed-on: https://go-review.googlesource.com/c/net/+/170617
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
…ISTL test in 386 emulation (again)

We are no longer able to use the kernel bug for detecting the execution
of 386 emulation on 11.2-RELEASE or above kernels. This change uses a
variable that holds the execution mode detected in init instead.

Updates golang/go#31221

Change-Id: Ib6afdbc40ae1feb8caf040c64c4b01971efc6325
Reviewed-on: https://go-review.googlesource.com/c/139917
Run-TryBot: Mikio Hara <mikioh.mikioh@gmail.com>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@golang.org>
(cherry picked from commit 146acd2)
Reviewed-on: https://go-review.googlesource.com/c/net/+/170618
Run-TryBot: Brad Fitzpatrick <bradfitz@golang.org>
…er send queue

An attacker could cause servers to queue an unlimited number of PING
ACKs or RST_STREAM frames by soliciting them and not reading them, until
the program runs out of memory.

Limit control frames in the queue to a few thousands (matching the limit
imposed by other vendors) by counting as they enter and exit the scheduler,
so the protection will work with any WriteScheduler.

Once the limit is exceeded, close the connection, as we have no way to
communicate with the peer.

This addresses CVE-2019-9512 and CVE-2019-9514.

Updates golang/go#33606

Change-Id: I842968fc6ed3eac654b497ade8cea86f7267886b
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/525552
Reviewed-by: Brad Fitzpatrick <bradfitz@google.com>
(cherry picked from commit 589ad6cc5321fb68a90370348a241a5da0a2cc80)
Reviewed-on: https://team-review.git.corp.google.com/c/golang/go-private/+/526070
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
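
The control-frame limit described in the last commit message above (CVE-2019-9512 and CVE-2019-9514), as an added example that is not the x/net/http2 code: control frames are counted when they are queued and when they are written out, and the connection is closed once the count reaches the limit. The types `frame` and `conn`, the function `simulate`, and the limit of 1000 are assumptions made for this illustration.

```go
package main

import "fmt"

type frame struct{ control bool } // hypothetical queued write; control = PING ACK or RST_STREAM

// conn counts control frames as they enter and leave the write queue.
type conn struct {
	q             []frame // stands in for whichever write scheduler is in use
	limit, queued int     // limit is an assumed value ("a few thousands")
	closed        bool
}

func (c *conn) enqueue(f frame) bool {
	if c.closed || (f.control && c.queued >= c.limit) {
		c.closed = true // cannot signal the peer, so close the connection
		return false
	}
	if f.control {
		c.queued++
	}
	c.q = append(c.q, f)
	return true
}

func (c *conn) writeNext() { // one frame leaves the queue: the peer is reading
	if len(c.q) == 0 {
		return
	}
	if c.q[0].control {
		c.queued--
	}
	c.q = c.q[1:]
}

// simulate solicits n control frames; the peer reads one per drainEvery (0 = never).
func simulate(limit, n, drainEvery int) (queued int, closed bool) {
	c := &conn{limit: limit}
	for i := 1; i <= n && c.enqueue(frame{control: true}); i++ {
		if drainEvery > 0 && i%drainEvery == 0 {
			c.writeNext()
		}
	}
	return c.queued, c.closed
}

func main() {
	fmt.Println(simulate(1000, 5000, 0)) // peer never reads
	fmt.Println(simulate(1000, 5000, 1)) // peer keeps up
}
```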