From e66196edfe884e1d25487407acab7d80887d6893 Mon Sep 17 00:00:00 2001
From: wangxiao65 <287608437@qq.com>
Date: Wed, 21 Apr 2021 14:24:53 +0800
Subject: [PATCH] fix CVE-2021-28165

(cherry picked from commit 01f377e938aea11b85a452e9cb10054585bc8549)
---
 CVE-2021-28165-1.patch | 36 ++++++++++++++++++++++++++++++++++++
 CVE-2021-28165-2.patch | 39 +++++++++++++++++++++++++++++++++++++++
 jetty.spec | 7 ++++++-
 3 files changed, 81 insertions(+), 1 deletion(-)
 create mode 100644 CVE-2021-28165-1.patch
 create mode 100644 CVE-2021-28165-2.patch
diff --git a/CVE-2021-28165-1.patch b/CVE-2021-28165-1.patch
new file mode 100644
index 0000000..585049c
--- /dev/null
+++ b/CVE-2021-28165-1.patch
@@ -0,0 +1,36 @@
+From 00d379c94ba865dced2025c2d1bc3e2e0e41e880 Mon Sep 17 00:00:00 2001
+From: Joakim Erdfelt
+Date: Thu, 18 Mar 2021 08:08:55 -0500
+Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
+ length > 17408.
+
+Avoid spinning if the input buffer is full.
+
+Signed-off-by: Simone Bordet
+Co-authored-by: Joakim Erdfelt
+---
+ .../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+index bc2431d..b2482e7 100644
+--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
++++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+@@ -603,7 +603,13 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
+
+ case BUFFER_UNDERFLOW:
+ if (net_filled > 0)
+- continue; // try filling some more
++ {
++ if (BufferUtil.space(_encryptedInput) > 0)
++ continue; // try filling some more
++ BufferUtil.clear(_encryptedInput);
++ throw new SSLHandshakeException("Encrypted buffer max length exceeded");
++ }
++
+ _underflown = true;
+ if (net_filled < 0 && _sslEngine.getUseClientMode())
+ {
+--
+2.23.0
+
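Review bot: In CVE-2021-28165-1.patch the full-buffer check sits inside `if (net_filled > 0)`, so a pass that reads nothing while `_encryptedInput` is already full would still fall through to `_underflown = true` rather than failing the connection. CVE-2021-28165-2.patch hoists the check, so the two files only form a complete fix when both are applied, in this order. Squashing them into one patch, or a spec comment beside the Patch entries such as `# CVE-2021-28165: both parts required, -2 applies on top of -1`, would keep a later rebase from dropping or reordering one half. The enclosing method starts and ends outside the inner hunk, so the loop behaviour is inferred from the visible branch only.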
diff --git a/CVE-2021-28165-2.patch b/CVE-2021-28165-2.patch
new file mode 100644
index 0000000..3063410
--- /dev/null
+++ b/CVE-2021-28165-2.patch
@@ -0,0 +1,39 @@
+From 294b2ba02b667548617a94cd99592110ac230add Mon Sep 17 00:00:00 2001
+From: Simone Bordet
+Date: Mon, 22 Mar 2021 10:39:36 +0100
+Subject: [PATCH] Fixes #6072 - jetty server high CPU when client send data
+ length > 17408.
+
+Updates after review.
+
+Signed-off-by: Simone Bordet
+---
+ .../main/java/org/eclipse/jetty/io/ssl/SslConnection.java | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+index b2482e7..44c7f10 100644
+--- a/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
++++ b/jetty-io/src/main/java/org/eclipse/jetty/io/ssl/SslConnection.java
+@@ -602,14 +602,15 @@ public class SslConnection extends AbstractConnection implements Connection.Upgr
+ return filled = -1;
+
+ case BUFFER_UNDERFLOW:
+- if (net_filled > 0)
++ if (BufferUtil.space(_encryptedInput) == 0)
+ {
+- if (BufferUtil.space(_encryptedInput) > 0)
+- continue; // try filling some more
+ BufferUtil.clear(_encryptedInput);
+ throw new SSLHandshakeException("Encrypted buffer max length exceeded");
+ }
+
++ if (net_filled > 0)
++ continue; // try filling some more
++
+ _underflown = true;
+ if (net_filled < 0 && _sslEngine.getUseClientMode())
+ {
+--
+2.23.0
+
diff --git a/jetty.spec b/jetty.spec
index e4cba33..9de9a8c 100644
--- a/jetty.spec
+++ b/jetty.spec
@@ -12,7 +12,7 @@
 %bcond_with jp_minimal
 Name: jetty
 Version: 9.4.15
-Release: 6
+Release: 7
 Summary: Java Webserver and Servlet Container
 License: ASL 2.0 or EPL-1.0 or EPL-2.0
 URL: http://www.eclipse.org/jetty/
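Review bot: The full-buffer guard that CVE-2021-28165-2.patch places at the top of `case BUFFER_UNDERFLOW:` carries no comment saying why a full `_encryptedInput` is fatal, while the `// try filling some more` line below it still reads as if retrying were always safe. A comment such as `// buffer is full yet unwrap still underflows: this record can never complete, fail instead of looping` would record the invariant for the next person rebasing this backport. The branch throws `SSLHandshakeException`, and nothing visible restricts it to the handshake phase, so the same comment should say that `Encrypted buffer max length exceeded` may also surface on an established connection; confirm against the rest of the method, which lies outside the hunk.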
@@ -27,6 +27,8 @@ Patch2: CVE-2020-27223-pre-2.patch
 Patch3: CVE-2020-27223-pre-3.patch
 Patch4: CVE-2020-27223-pre-4.patch
 Patch5: CVE-2020-27223.patch
+Patch6: CVE-2021-28165-1.patch
+Patch7: CVE-2021-28165-2.patch
 BuildRequires: maven-local mvn(javax.servlet:javax.servlet-api)
 BuildRequires: mvn(org.apache.felix:maven-bundle-plugin)
 BuildRequires: mvn(org.apache.maven.plugins:maven-shade-plugin)
@@ -785,6 +787,9 @@ exit 0
 %license LICENSE NOTICE.txt LICENSE-MIT
 %changelog
+* Wed Apr 21 2021 wangxiao - 9.4.15-7
+- Fix CVE-2021-28165
+
 * Wed Mar 17 2021 zhanghua - 9.4.15-6
 - fix CVE-2020-27223
-- 
Gitee
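Review bot: The jetty.spec hunk after `Patch5:` declares `Patch6` and `Patch7`, but nothing in this commit touches `%prep`: the diffstat for jetty.spec (6 insertions, 1 deletion) is fully accounted for by the Release bump, the two Patch lines and the changelog entry. If `%prep` applies patches one by one (`%patch5 -p1` style) rather than through `%autosetup` or `%autopatch`, the CVE-2021-28165 fix would ship as a source file and never be applied to the build. Confirm which form `%prep` uses and, if it is explicit, add `%patch6 -p1` and `%patch7 -p1` in that order.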