Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

net/http: http2 page fails on firefox/safari if pushing resources [1.21 backport] #63560

Closed
gopherbot opened this issue Oct 15, 2023 · 3 comments
Closed

net/http: http2 page fails on firefox/safari if pushing resources [1.21 backport] #63560

gopherbot opened this issue Oct 15, 2023 · 3 comments
Assignees
@mauri870
Labels
CherryPickApproved Used during the release process for point releases
Milestone
Go1.21.4

Comments

@gopherbot
Copy link

@mauri870 requested issue #63511 to be considered for backport to the next 1.21 minor release.

@gopherbot, please backport to Go 1.21.4
@gopherbot gopherbot added the CherryPickCandidate Used during the release process for point releases label Oct 15, 2023
@gopherbot gopherbot mentioned this issue Oct 15, 2023
Closed
@gopherbot gopherbot added this to the Go1.21.4 milestone Oct 15, 2023
@dr2chase dr2chase added the CherryPickApproved Used during the release process for point releases label Oct 25, 2023
@gopherbot gopherbot removed the CherryPickCandidate Used during the release process for point releases label Oct 25, 2023
@mauri870 mauri870 self-assigned this Oct 26, 2023
@gopherbot
Copy link
Author

Change https://go.dev/cl/537996 mentions this issue: [release-branch.go1.21] net/http: pull http2 underflow fix from x/net/http2

@gopherbot
Copy link
Author

Change https://go.dev/cl/537957 mentions this issue: [internal-branch.go1.21-vendor] http2: fix underflow in http2 server push

gopherbot pushed a commit to golang/net that referenced this issue Oct 27, 2023
@mauri870 @gopherbot
[internal-branch.go1.21-vendor] http2: fix underflow in http2 server …
5ca955b 
…push

After CL 534215 was merged to fix a CVE it introduced
an underflow when we try to decrement sc.curHandlers
in handlerDone.

The func startPush calls runHandler without incrementing
curHandlers. Seems to only affect users of http.Pusher.

For golang/go#63511
For golang/go#63560

Change-Id: Ic537c27c9945c2c2d4306ddb04e9527b65cee320
GitHub-Last-Rev: 249fe55
GitHub-Pull-Request: #197
Reviewed-on: https://go-review.googlesource.com/c/net/+/535595
Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
(cherry picked from commit 37479d6)
Reviewed-on: https://go-review.googlesource.com/c/net/+/537957
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@google.com>
gopherbot pushed a commit that referenced this issue Oct 30, 2023
@mauri870 @cherrymui
[release-branch.go1.21] net/http: pull http2 underflow fix from x/net…
434af85 
…/http2

After CL 534295 was merged to fix a CVE it introduced
an underflow when we try to decrement sc.curHandlers
in handlerDone.

Pull in a fix from x/net/http2:
http2: fix underflow in http2 server push
https://go-review.googlesource.com/c/net/+/535595

For #63511
Fixes #63560

Change-Id: I5c678ce7dcc53635f3ad5e4999857cb120dfc1ab
GitHub-Last-Rev: 587ffa3
GitHub-Pull-Request: #63561
Reviewed-on: https://go-review.googlesource.com/c/go/+/535575
Run-TryBot: Mauri de Souza Meneguzzo <mauri870@gmail.com>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
Reviewed-by: David Chase <drchase@google.com>
Auto-Submit: Dmitri Shuralyov <dmitshur@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit 0046c14)
Reviewed-on: https://go-review.googlesource.com/c/go/+/537996
Reviewed-by: Cherry Mui <cherryyz@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
@gopherbot
Copy link
Author

Closed by merging 434af85 to release-branch.go1.21.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mauri870 mauri870

Labels
CherryPickApproved Used during the release process for point releases
Projects
None yet
Milestone
Go1.21.4
Development

No branches or pull requests
3 participants
@dr2chase @gopherbot @mauri870