1.According to the description above error line in node_http2.cc,this should be checking whether frame->hd.type is NGHTTP2_GOAWAY,and the value of NGHTTP2_GOAWAY is 0x07,however,it is written as 0x03 here,which i think it is an error;2.correct the error of http2 header frame content based on http2 related protocal so that make UT script exited successfully

2025-04-11 08:27:56 +08:00 · 2025-04-11 08:27:56 +08:00 · 5f9f617f08
commit 5f9f617f08
parent 7995eae96c
2 changed files with 56 additions and 1 deletions
--- a/0007-correct-some-errors-related-to-CVE-2025-23085.patch
+++ b/0007-correct-some-errors-related-to-CVE-2025-23085.patch
@ -0,0 +1,51 @@
 From 99350cc54fbd14e9294fed5b5b0ef7eb99c25d8b Mon Sep 17 00:00:00 2001
 From: hanguanqiang <hanguanqiang@kylinos.cn>
 Date: Fri, 11 Apr 2025 07:55:50 +0800
 Subject: [PATCH] correct-some-errors-related-to-CVE-2025-23085
 ---
 src/node_http2.cc                           | 2 +-
 test/parallel/test-http2-premature-close.js | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
 diff --git a/src/node_http2.cc b/src/node_http2.cc
 index 6365734..ac59ce9 100644
 --- a/src/node_http2.cc
 +++ b/src/node_http2.cc
@@ -1048,7 +1048,7 @@ int Http2Session::OnFrameNotSent(nghttp2_session* handle,
     // closed but the Http2Session will still be up causing a memory leak.
     // Therefore, if the GOAWAY frame couldn't be send due to
     // ERR_SESSION_CLOSING we should force close from our side.
 -    if (frame->hd.type != 0x03) {
 +    if (frame->hd.type != NGHTTP2_GOAWAY) {
       return 0;
     }
   }
 diff --git a/test/parallel/test-http2-premature-close.js b/test/parallel/test-http2-premature-close.js
 index a9b08f5..df30c42 100644
 --- a/test/parallel/test-http2-premature-close.js
 +++ b/test/parallel/test-http2-premature-close.js
@@ -29,9 +29,9 @@ async function requestAndClose(server) {
     // Send a valid HEADERS frame
     const headersFrame = Buffer.concat([
       Buffer.from([
 -        0x00, 0x00, 0x0c, // Length: 12 bytes
 +        0x00, 0x00, 0x0e, // Length: 14 bytes
         0x01, // Type: HEADERS
 -        0x05, // Flags: END_HEADERS + END_STREAM
 +        0x04, // Flags: END_HEADERS
         (streamId >> 24) & 0xFF, // Stream ID: high byte
         (streamId >> 16) & 0xFF,
         (streamId >> 8) & 0xFF,
@@ -41,7 +41,7 @@ async function requestAndClose(server) {
         0x82, // Indexed Header Field Representation (Predefined ":method: GET")
         0x84, // Indexed Header Field Representation (Predefined ":path: /")
         0x86, // Indexed Header Field Representation (Predefined ":scheme: http")
 -        0x44, 0x0a, // Custom ":authority: localhost"
 +        0x41, 0x09, // ":authority: localhost" Length: 9 bytes
         0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74,
       ]),
     ]);
 -- 
 2.43.0
--- a/nodejs.spec
+++ b/nodejs.spec
@ -1,5 +1,5 @@
 %bcond_with bootstrap
-%global baserelease 11
+%global baserelease 12
 %{?!_pkgdocdir:%global _pkgdocdir %{_docdir}/%{name}-%{version}}
 %global nodejs_epoch 1
 %global nodejs_major 12
@ -112,6 +112,7 @@ Patch00033: CVE-2024-22025.patch
 Patch00034: CVE-2024-27982.patch
 Patch00035: CVE-2024-27983.patch
 Patch00036: CVE-2025-23085.patch
 Patch00037: 0007-correct-some-errors-related-to-CVE-2025-23085.patch
 BuildRequires: python3-devel
 BuildRequires: zlib-devel
@ -514,6 +515,9 @@ end
 %{_pkgdocdir}/npm/docs
 %changelog
 * Fri Apr 11 2025 hanguanqiang <hanguanqiang@kylinos.cn> - 1:12.22.11-12
 - correct error related to CVE-2025-23085
 * Wed Mar 05 2025 yaoxin <1024769339@qq.com> - 1:12.22.11-11
 - Fix CVE-2025-23085