jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-04-28 13:40:37 +00:00
Code Issues Actions 20 Packages Projects Releases Wiki Activity

src: ensure to close stream when destroying session

Browse Source 
Co-Authored-By: Anna Henningsen <anna@addaleax.net>
PR-URL: https://github.com/nodejs-private/node-private/pull/561
Fixes: https://hackerone.com/reports/2319584
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
CVE-ID: CVE-2024-27983
This commit is contained in:
RafaelGSS 2024-03-26 15:55:13 -03:00
parent 6590a8c4e4
commit b25b5aca96
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/node_http2.cc
View File

@ -605,6 +605,12 @@ Http2Session::Http2Session(Http2State* http2_state,
Http2Session::~Http2Session() {
CHECK(!is_in_scope());
Debug(this, "freeing nghttp2 session");
// Ensure that all `Http2Stream` instances and the memory they hold
// on to are destroyed before the nghttp2 session is.
for (const auto& [id, stream] : streams_) {
stream->Detach();
}
streams_.clear();
// Explicitly reset session_ so the subsequent
// current_nghttp2_memory_ check passes.
session_.reset();