...
Description of problem: We have a customer using curl to query his Satellite 16.3 server. When using HTTP2, curl fails after some time with the following error message: curl: (16) Error in the HTTP2 framing layer Digging into this, we were able to confirm that our curl is missing the following 2 commits: commit 25a25f45ae55aae510a6de1b5bbcfa7547f5db6c Author: Laramie Leavitt <laramie.leavitt@gmail.com> Date: Fri Jul 3 13:10:27 2020 -0700 http: consolidate nghttp2_session_mem_recv() call paths Previously there were several locations that called nghttp2_session_mem_recv and handled responses slightly differently. Those have been converted to call the existing h2_process_pending_input() function. Moved the end-of-session check to h2_process_pending_input() since the only place the end-of-session state can change is after nghttp2 processes additional input frames. This will likely fix the fuzzing error. While I don't have a root cause the out-of-bounds read seems like a use after free, so moving the nghttp2_session_check_request_allowed() call to a location with a guaranteed nghttp2 session seems reasonable. Also updated a few nghttp2 callsites to include error messages and added a few additional error checks. Closes #5648 Author: Daniel Stenberg <daniel@haxx.se> Date: Mon Aug 26 16:00:05 2019 +0200 http2: when marked for closure and wanted to close == OK It could otherwise return an error even when closed correctly if GOAWAY had been received previously. Reported-by: Tom van der Woerdt Fixes #4267 Closes #4268 Version-Release number of selected component (if applicable): curl-7.61.1-30.el8_8.3 How reproducible: Always on customer system when querying his Satellite 6.13
Done-Errata
Click on a version to see all relevant bugs
Red Hat Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.