rpms / httpd24-httpd

Clone
Source Code
GIT

Blame SOURCES/httpd-2.4.34-CVE-2018-17189.patch

c7
  1.   ad4e622ea436802207b530daf1d47eab2f0217a6
  2.   SOURCES
  3.   httpd-2.4.34-CVE-2018-17189.patch
Blob History Raw
ad4e62 
diff --git a/modules/http2/h2_conn.c b/modules/http2/h2_conn.c
ad4e62 
index 2e956593aa..88da2bab3e 100644
ad4e62 
--- a/modules/http2/h2_conn.c
ad4e62 
+++ b/modules/http2/h2_conn.c
ad4e62 
@@ -354,6 +354,15 @@ apr_status_t h2_slave_run_pre_connection(conn_rec *slave, apr_socket_t *csd)
ad4e62 
          * (Not necessarily in pre_connection, but later. Set it here, so it
ad4e62 
          * is in place.) */
ad4e62 
         slave->keepalives = 1;
ad4e62 
+        /* We signal that this connection will be closed after the request.
ad4e62 
+         * Which is true in that sense that we throw away all traffic data
ad4e62 
+         * on this slave connection after each requests. Although we might
ad4e62 
+         * reuse internal structures like memory pools.
ad4e62 
+         * The wanted effect of this is that httpd does not try to clean up
ad4e62 
+         * any dangling data on this connection when a request is done. Which
ad4e62 
+         * is unneccessary on a h2 stream.
ad4e62 
+         */
ad4e62 
+        slave->keepalive = AP_CONN_CLOSE;
ad4e62 
         return ap_run_pre_connection(slave, csd);
ad4e62 
     }
ad4e62 
     return APR_SUCCESS;

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation