http: add test for http transfer encoding smuggling

CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Matteo Collina 2020-10-22 14:59:58 +02:00 committed by Beth Griggs
parent 051154e0e6
commit 029703100f
GPG Key ID: D7062848A1AB005C


@ -0,0 +1,44 @@
'use strict';
const common = require('../common');
const http = require('http');
const net = require('net');
const msg = [
'POST / HTTP/1.1',
'Host: 127.0.0.1',
'Transfer-Encoding: chunked',
'Transfer-Encoding: chunked-false',
'Connection: upgrade',
'',
'1',
'A',
'0',
'',
'GET /flag HTTP/1.1',
'Host: 127.0.0.1',
'',
'',
].join('\r\n');
// Verify that the server is called only once even with a smuggled request.
const server = http.createServer(common.mustCall((req, res) => {
res.end();
}, 1));
function send(next) {
const client = net.connect(server.address().port, 'localhost');
client.setEncoding('utf8');
client.on('error', common.mustNotCall());
client.on('end', next);
client.write(msg);
client.resume();
}
server.listen(0, common.mustSucceed(() => {
send(common.mustCall(() => {
server.close();
}));
}));
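Review bot: The handler passed to `http.createServer` checks only the call count, so the test would still pass if the parser dispatched the smuggled `GET /flag` as the single request instead of the outer `POST /`. Asserting which request arrived pins the intended behaviour: add `const assert = require('assert');` next to the other requires and `assert.strictEqual(req.url, '/');` before `res.end();`. The client also discards the response with `client.resume()`, so nothing checks how the server answered the conflicting `Transfer-Encoding` headers. Collecting the data and asserting on the status line would document the expected rejection. Separately, completion depends on the client's `'end'` event, so if the server kept the connection open the test would presumably hang until the harness timeout rather than fail with a clear message.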