diff --git a/CVE-2020-10705.patch b/CVE-2020-10705.patch new file mode 100644 index 0000000000000000000000000000000000000000..7dc0fdb79f86661274c6703c4fcec15ae6c02dd7 --- /dev/null +++ b/CVE-2020-10705.patch @@ -0,0 +1,97 @@ +From b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 Mon Sep 17 00:00:00 2001 +From: Stuart Douglas +Date: Wed, 15 Apr 2020 15:39:02 +1000 +Subject: [PATCH] [UNDERTOW-1657] Fix issue with 100-continue and h2 + +--- + .../server/handlers/HttpContinueReadHandler.java | 12 +++++++----- + .../server/protocol/ajp/AjpServerConnection.java | 6 +++++- + .../server/protocol/http/HttpServerConnection.java | 6 +++++- + 3 files changed, 17 insertions(+), 7 deletions(-) + +diff --git a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java +index 33c5c25..4a905f3 100644 +--- a/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java ++++ b/core/src/main/java/io/undertow/server/handlers/HttpContinueReadHandler.java +@@ -23,15 +23,17 @@ import java.nio.ByteBuffer; + import java.nio.channels.FileChannel; + import java.util.concurrent.TimeUnit; + ++import org.xnio.channels.StreamSinkChannel; ++import org.xnio.conduits.AbstractStreamSourceConduit; ++import org.xnio.conduits.StreamSourceConduit; ++ + import io.undertow.server.ConduitWrapper; +-import io.undertow.server.protocol.http.HttpContinue; + import io.undertow.server.HttpHandler; + import io.undertow.server.HttpServerExchange; ++import io.undertow.server.ResponseCommitListener; ++import io.undertow.server.protocol.http.HttpContinue; + import io.undertow.util.ConduitFactory; + import io.undertow.util.StatusCodes; +-import org.xnio.channels.StreamSinkChannel; +-import org.xnio.conduits.AbstractStreamSourceConduit; +-import org.xnio.conduits.StreamSourceConduit; + + /** + * Handler for requests that require 100-continue responses. If an attempt is made to read from the source +@@ -44,7 +46,7 @@ public class HttpContinueReadHandler implements HttpHandler { + private static final ConduitWrapper WRAPPER = new ConduitWrapper() { + @Override + public StreamSourceConduit wrap(final ConduitFactory factory, final HttpServerExchange exchange) { +- if(exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) { ++ if (exchange.isRequestChannelAvailable() && !exchange.isResponseStarted()) { + return new ContinueConduit(factory.create(), exchange); + } + return factory.create(); +diff --git a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java +index e5e3031..d9cae2d 100644 +--- a/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java ++++ b/core/src/main/java/io/undertow/server/protocol/ajp/AjpServerConnection.java +@@ -26,6 +26,8 @@ import io.undertow.server.HttpHandler; + import io.undertow.server.HttpServerExchange; + import io.undertow.server.SSLSessionInfo; + import io.undertow.util.DateUtils; ++ ++import org.xnio.IoUtils; + import org.xnio.OptionMap; + import io.undertow.connector.ByteBufferPool; + import org.xnio.StreamConnection; +@@ -61,7 +63,9 @@ public final class AjpServerConnection extends AbstractServerConnection { + + @Override + public void terminateRequestChannel(HttpServerExchange exchange) { +- //todo: terminate ++ if (!exchange.isPersistent()) { ++ IoUtils.safeClose(getChannel().getSourceChannel()); ++ } + } + + @Override +diff --git a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java +index 0128e9b..63bcdd6 100644 +--- a/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java ++++ b/core/src/main/java/io/undertow/server/protocol/http/HttpServerConnection.java +@@ -36,6 +36,8 @@ import io.undertow.util.Headers; + import io.undertow.util.HttpString; + import io.undertow.util.ImmediatePooledByteBuffer; + import io.undertow.util.Methods; ++ ++import org.xnio.IoUtils; + import org.xnio.OptionMap; + import io.undertow.connector.ByteBufferPool; + import io.undertow.connector.PooledByteBuffer; +@@ -135,7 +137,9 @@ public final class HttpServerConnection extends AbstractServerConnection { + + @Override + public void terminateRequestChannel(HttpServerExchange exchange) { +- ++ if (!exchange.isPersistent()) { ++ IoUtils.safeClose(getChannel().getSourceChannel()); ++ } + } + + /** +-- +2.23.0 + diff --git a/undertow.spec b/undertow.spec index f1bac96e344749150186a65c7fb2ad1f5ab9abff..06d8b22b627af2f594e78f108b7eb6dde9fad13b 100644 --- a/undertow.spec +++ b/undertow.spec @@ -2,13 +2,14 @@ %global namedversion %{version}%{?namedreltag} Name: undertow Version: 1.4.0 -Release: 1 +Release: 2 Summary: Java web server using non-blocking IO License: ASL 2.0 URL: http://undertow.io/ Source0: https://github.com/undertow-io/undertow/archive/%{namedversion}/%{name}-%{namedversion}.tar.gz # Remove unavailable methods in jetty-alpn-api-1.1.0 Patch0: undertow-1.4.0-jetty-alpn-api-1.1.0.patch +Patch1: CVE-2020-10705.patch BuildArch: noarch Epoch: 1 BuildRequires: maven-local mvn(junit:junit) mvn(org.eclipse.jetty.alpn:alpn-api) @@ -32,6 +33,7 @@ This package contains the API documentation for %{name}. %prep %setup -q -n %{name}-%{namedversion} %patch0 -p1 +%patch1 -p1 rm -rf mac-jdk-fix %pom_disable_module examples %pom_remove_plugin -r :maven-checkstyle-plugin @@ -60,5 +62,8 @@ done %license LICENSE.txt %changelog +* Wed Oct 27 2021 houyingchao - 1.4.0-2 +- Fix CVE-2020-10705 + * Wed Aug 19 2020 maminjie - 1.4.0-1 - package init