]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 022de58) | patch
Merge of r771160,1772576 from trunk:
authorStefan Eissing <icing@apache.org>
Sun, 4 Dec 2016 22:28:45 +0000 (22:28 +0000)
committerStefan Eissing <icing@apache.org>
Sun, 4 Dec 2016 22:28:45 +0000 (22:28 +0000)
commit4b87608f5cdef9de240f5df211d977a11f678dcb
treea26e336f21a0aa60dae39205e9bff01c4e1a3204tree | snapshot
parent022de58ad07bebd28f9c5bad9be6e4258c5a9247commit | diff
Merge of r771160,1772576 from trunk:

SECURITY: CVE-2016-8740

mod_http2: properly crafted, endless HTTP/2 CONTINUATION frames could be used to exhaust all server's memory.

Reported by: Naveen Tiwari <naveen.tiwari@asu.edu> and CDF/SEFCOM at Arizona State University

mod_http2: wseaking cleanup assertion on streams that have never been scheduled

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1772579 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
modules/http2/h2_mplx.c diff | blob | history
modules/http2/h2_session.c diff | blob | history
modules/http2/h2_stream.c diff | blob | history
modules/http2/h2_version.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.