openharmony/third_party_nghttp2
1
0
Fork 0
mirror of https://gitee.com/openharmony/third_party_nghttp2 synced 2024-11-26 17:40:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,443 Commits 176 Branches 34 Tags 32 MiB
master
Commit Graph

1541 Commits

Author SHA1 Message Date
zhaohui91
ab202ae575 libnghttp2_shared 添加pac 后向cfi 编译参数 
Signed-off-by: zhaohui91 <zhaohui91@h-partners.com>
 2024-08-30 17:44:18 +08:00
liuxiyao223
0cb2929381 build modify 
Signed-off-by: liuxiyao223 <liuxiyao223@huawei.com>
 2024-04-18 16:00:03 +08:00
Aurora
b6ec548300 Reading unbounded number of HTTP/2 CONTINUATION frames to cause excessive CPU usage 
Signed-off-by: Aurora <liuxiyao223@huawei.com>
Change-Id: I75034195506a0704fb659cee4b26fbc9b2f99150
 2024-04-10 16:32:54 +08:00
Aurora
d64f959920 nghttp2 v1.58.0 
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQT087kUdNHrKYib0O9+hAPV1nPDZgUCZTutEwAKCRB+hAPV1nPD
 ZnYfAJ4ohvI3xRfVb45kyJzCL9APVEgGkwCgzg11hSTNQ1CfeWuhDvsC1REBqm0=
 =aYJq
 -----END PGP SIGNATURE-----

Nghttp2 upgrade to version 1.58.0

Signed-off-by: Aurora <liuxiyao223@huawei.com>
 2024-04-07 16:46:52 +08:00
Aurora
0f3978ca78
修复版本错误导致接口无法使用 
Signed-off-by: Aurora <liuxiyao223@huawei.com>
 2024-03-04 03:29:41 +00:00
chenxu
cbf1e6cd45 add nghttp2_seesion_client_new2 to map file 
Signed-off-by: chenxu <chenxu1120@thundersoft.com>
 2023-11-24 17:52:20 +08:00
quguiren
abbafe4ee0 third-party library 
Signed-off-by: quguiren <quguiren@huawei.com>
 2023-11-14 09:54:57 +08:00
徐杰
92a10b73c3 漏洞补丁【CVE-2023-44487】 
Signed-off-by: 徐杰 <xujie223@huawei.com>
 2023-10-26 02:03:14 +00:00
openharmony_ci
e0e3425635
!38 升级nghttp2到v1.55.0 
Merge pull request !38 from 徐杰/xj_1014_2
 2023-10-21 07:36:50 +00:00
quguiren
9ec53dc914 third_party_nghttp2 Compile into library transformation 
Signed-off-by: quguiren <quguiren@huawei.com>
 2023-10-19 19:15:21 +08:00
Tatsuhiro Tsujikawa
54a5d271d3
Merge pull request #1977 from nghttp2/fix-cygwin-build 
Prefer clock_gettime if __CYGWIN__ defined
 2023-10-19 00:10:30 +09:00
Tatsuhiro Tsujikawa
723f131f76 windows: Fix warnings 2023-10-18 21:39:24 +09:00
Tatsuhiro Tsujikawa
c7536993cf Prefer clock_gettime if __CYGWIN__ defined 2023-10-18 21:13:57 +09:00
xujie
0ed81210cc change version to 1.55.0 
Signed-off-by: xujie <xujie223@huawei.com>
 2023-10-14 22:59:24 +08:00
xujie
16810ecd9f nghttp2 v1.55.0 
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQT087kUdNHrKYib0O9+hAPV1nPDZgUCZK5jPAAKCRB+hAPV1nPD
 ZpPZAJ9zCed2FWlUUon5ha1Mdf3/zNT3hwCgpRRnGWA6ipu7VH3qDvLyvnnX7Yo=
 =gkZl
 -----END PGP SIGNATURE-----

Merge tag 'v1.55.0' of https://github.com/nghttp2/nghttp2 into xj_1014_2

nghttp2 v1.55.0
 2023-10-14 22:16:50 +08:00
Tatsuhiro Tsujikawa
bf8f419ca9 Fix build error when both clock_gettime and GetTickCount64 are available 2023-10-11 17:19:05 +09:00
Tatsuhiro Tsujikawa
72b4af6143 Rework session management 2023-10-10 22:41:58 +09:00
maosiping
4ba335263a change version to 1.52.0 
Signed-off-by: maosiping <m00557507@china.huawei.com>
 2023-07-20 09:05:11 +08:00
maosiping
a057baf97b nghttp2 v1.52.0 
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQT087kUdNHrKYib0O9+hAPV1nPDZgUCY+omhAAKCRB+hAPV1nPD
 ZsbZAKDQU/YoBkwErRCARWKwNz4WU3KfggCggWBKvQQgeg3H+G76pvH51ZUe+Yc=
 =2xV/
 -----END PGP SIGNATURE-----

Merge tag 'v1.52.0' into master

nghttp2 v1.52.0
 2023-07-20 09:02:27 +08:00
Tatsuhiro Tsujikawa
07b69bb06f Make session_after_frame_sent2 return void 2023-07-15 16:27:38 +09:00
Tatsuhiro Tsujikawa
98df5b59e5 frame: Make functions that always succeed return void 2023-07-15 16:15:25 +09:00
Tatsuhiro Tsujikawa
cdfb517528 Make functions that always succeed return void 2023-07-15 15:36:50 +09:00
Tatsuhiro Tsujikawa
ce385d3f55 Fix memory leak 
This commit fixes memory leak that happens when PUSH_PROMISE or
HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback
fails with a fatal error.  For example, if GOAWAY frame has been
received, a HEADERS frame that opens new stream cannot be sent.

This issue has already been made public via CVE-2023-35945 [1] issued
by envoyproxy/envoy project.  During embargo period, the patch to fix
this bug was accidentally submitted to nghttp2/nghttp2 repository [2].
And they decided to disclose CVE early.  I was notified just 1.5 hours
before disclosure.  I had no time to respond.

PoC described in [1] is quite simple, but I think it is not enough to
trigger this bug.  While it is true that receiving GOAWAY prevents a
client from opening new stream, and nghttp2 enters error handling
branch, in order to cause the memory leak,
nghttp2_session_close_stream function must return a fatal error.
nghttp2 defines 2 fatal error codes:

- NGHTTP2_ERR_NOMEM
- NGHTTP2_ERR_CALLBACK_FAILURE

NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory.  It
is unlikely that a process gets short of memory with this simple PoC
scenario unless application does something memory heavy processing.

NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined
callback function (nghttp2_on_stream_close_callback, in this case),
which indicates something fatal happened inside a callback, and a
connection must be closed immediately without any further action.  As
nghttp2_on_stream_close_error_callback documentation says, any error
code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal
error code.  More specifically, it is treated as if
NGHTTP2_ERR_CALLBACK_FAILURE is returned.  I guess that envoy returns
NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated
into NGHTTP2_ERR_CALLBACK_FAILURE.

[1] https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
[2] https://github.com/nghttp2/nghttp2/pull/1929
 2023-07-14 21:37:37 +09:00
liyufan
9697ced2cc Merge branch 'master' of gitee.com:openharmony/third_party_nghttp2 into master 
Signed-off-by: liyufan <liyufan5@huawei.com>
 2023-06-16 14:35:13 +00:00
openharmony_ci
8bb2b22189
!30 feat: 添加innerapi_tag 
Merge pull request !30 from cheng_jinsong/fly0516
 2023-06-16 06:42:04 +00:00
cheng_jinsong
b11cd4589e
update lib/BUILD.gn. 
Signed-off-by: cheng_jinsong <chengjinsong2@huawei.com>
 2023-06-12 12:13:30 +00:00
liyufan
565037a53a code check 
Signed-off-by: liyufan <liyufan5@huawei.com>
 2023-06-09 09:58:20 +08:00
lidanyang
871b6a405e pack nghttp2 library to updater ramdisk 
Signed-off-by: lidanyang <lidanyang12@huawei.com>
 2023-05-19 16:25:38 +08:00
chengjinsong2
f26cf2318e add innertag on third_party_nghttp2 
Signed-off-by: chengjinsong2 <chengjinsong2@huawei.com>
 2023-05-17 16:26:40 +08:00
Tatsuhiro Tsujikawa
2ee33fe8cd Import ngtcp2/sfparse, Structured Field Values parser 2023-04-22 17:42:12 +09:00
Tatsuhiro Tsujikawa
70690ce010 Initialize map table lazily 2023-04-22 17:04:52 +09:00
Tatsuhiro Tsujikawa
84eecc015c Fix implicit conversion warnings 2023-04-21 18:02:50 +09:00
mamingshuai
0bd9893956
!23 升级1.47.0 
Merge pull request !23 from maosiping/master
 2023-01-31 06:59:31 +00:00
Yangys
a2257ee6f2 Optimizing SO 
Signed-off-by: Yangys <yangyousheng@huawei.com>
 2023-01-31 10:50:35 +08:00
openharmony_ci
9243060bc3
回退 'Pull Request !24 : Optimizing SO' 2023-01-30 13:13:02 +00:00
Yangys
0269b7dd3a optimizing SO 
Signed-off-by: Yangys <yangyousheng@huawei.com>
 2023-01-30 19:33:38 +08:00
maosiping
73fdc04877 adapter 1.47.0 compile 
Signed-off-by: maosiping <maosiping@huawei.com>
 2023-01-30 18:06:31 +08:00
maosiping
299b6f2796 nghttp2 v1.47.0 
-----BEGIN PGP SIGNATURE-----
 
 iF0EABECAB0WIQT087kUdNHrKYib0O9+hAPV1nPDZgUCYhXr8gAKCRB+hAPV1nPD
 ZqYXAJ4vRD7dO3TxZdZu9b5PTXFj/FsYMgCdHtYMFEwKtn2n/42vdYVTMa2OthU=
 =D0W0
 -----END PGP SIGNATURE-----

Merge tag 'v1.47.0' of https://gitee.com/mirrors/nghttp2

nghttp2 v1.47.0
 2023-01-30 18:05:32 +08:00
zhouhaifeng
78546ae01b change libcurl_shared depends static library to shared library 
Signed-off-by: zhouhaifeng <kutcher.zhou@huawei.com>
 2023-01-10 17:05:53 +08:00
zhouhaifeng
2fb3b64381 change curl depend static library to shared library 
Signed-off-by: zhouhaifeng <kutcher.zhou@huawei.com>
 2023-01-03 18:07:54 +08:00
Tatsuhiro Tsujikawa
b4cb3b0090 Remove deprecated python bindings 2022-12-26 17:06:36 +09:00
Viktor Szakats
5eed83ee17
add casts to silence implicit conversion warnings 
Fixes #1821
 2022-10-19 11:57:31 +00:00
Tatsuhiro Tsujikawa
3f65ab7871 Update doc 
Remove outdated text
 2022-10-16 16:09:43 +09:00
Tatsuhiro Tsujikawa
eb06e33e38 Add nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation 2022-09-07 16:34:12 +09:00
Tatsuhiro Tsujikawa
a94d2de89a Check leading white spaces in :protocol 2022-09-07 16:32:20 +09:00
Tatsuhiro Tsujikawa
9a16e73813 Compile with mingw64 2022-07-05 18:10:57 +09:00
Tatsuhiro Tsujikawa
fc6d064371 No need to check pseudo header lws 
No need to check pseudo header lws because it is guaranteed not to
have leading white spaces.
 2022-06-25 11:24:10 +09:00
Tatsuhiro Tsujikawa
7f4c2f9ec3 Add nghttp2_check_header_value_rfc9113 
Add nghttp2_check_header_value_rfc9113 which verifies the additional
rule imposed by RFC 9113, section 8.2.1, that is a field value must
not start or end with 0x20(SPC) or 0x09(HTAB).

libnghttp2 uses this new function internally.
 2022-06-24 19:44:13 +09:00
Tatsuhiro Tsujikawa
d115f580e2 Do not parse priority header field value included in PUSH_PROMISE 2022-06-23 22:44:01 +09:00
Tatsuhiro Tsujikawa
41aaa47fd0
Merge pull request #1734 from nghttp2/server-change-extpri 
Allow server to override RFC 9218 stream priority
 2022-06-16 20:53:12 +09:00