1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

http: disable request smuggling via empty headers

Browse Source 
PR-URL: https://github.com/nodejs-private/node-private/pull/427
Fixes: https://hackerone.com/reports/2001873
Refs: https://github.com/nodejs-private/llhttp-private/pull/13
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2023-30589
This commit is contained in:
Paolo Insogna 2023-06-13 12:06:27 +02:00 committed by RafaelGSS
parent 4a82c8fda0
commit 2e6de554f6
4 changed files with 650 additions and 493 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
deps/llhttp/CMakeLists.txt vendored
View File

@ -1,7 +1,7 @@
cmake_minimum_required(VERSION 3.5.1) cmake_minimum_required(VERSION 3.5.1)
cmake_policy(SET CMP0069 NEW) cmake_policy(SET CMP0069 NEW)
project(llhttp VERSION 8.1.0) project(llhttp VERSION 8.1.1)
include(GNUInstallDirs) include(GNUInstallDirs)
set(CMAKE_C_STANDARD 99) set(CMAKE_C_STANDARD 99)

2
deps/llhttp/include/llhttp.h vendored
View File

@ -3,7 +3,7 @@
#define LLHTTP_VERSION_MAJOR 8 #define LLHTTP_VERSION_MAJOR 8
#define LLHTTP_VERSION_MINOR 1 #define LLHTTP_VERSION_MINOR 1
#define LLHTTP_VERSION_PATCH 0 #define LLHTTP_VERSION_PATCH 1
#ifndef LLHTTP_STRICT_MODE #ifndef LLHTTP_STRICT_MODE
# define LLHTTP_STRICT_MODE 0 # define LLHTTP_STRICT_MODE 0

1056
deps/llhttp/src/llhttp.c vendored
View File

File diff suppressed because it is too large Load Diff

83
test/parallel/test-http-missing-header-separator-lf.js Normal file
View File

@ -0,0 +1,83 @@
'use strict';
const common = require('../common');
const assert = require('assert');
const http = require('http');
const net = require('net');
function serverHandler(server, msg) {
const client = net.connect(server.address().port, 'localhost');
let response = '';
client.on('data', common.mustCall((chunk) => {
response += chunk;
}));
client.setEncoding('utf8');
client.on('error', common.mustNotCall());
client.on('end', common.mustCall(() => {
assert.strictEqual(
response,
'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n'
);
server.close();
}));
client.write(msg);
client.resume();
}
{
const msg = [
'GET / HTTP/1.1',
'Host: localhost',
'Dummy: x\rContent-Length: 23',
'',
'GET / HTTP/1.1',
'Dummy: GET /admin HTTP/1.1',
'Host: localhost',
'',
'',
].join('\r\n');
const server = http.createServer(common.mustNotCall());
server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg)));
}
{
const msg = [
'POST / HTTP/1.1',
'Host: localhost',
'x:x\rTransfer-Encoding: chunked',
'',
'1',
'A',
'0',
'',
'',
].join('\r\n');
const server = http.createServer(common.mustNotCall());
server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg)));
}
{
const msg = [
'POST / HTTP/1.1',
'Host: localhost',
'x:\rTransfer-Encoding: chunked',
'',
'1',
'A',
'0',
'',
'',
].join('\r\n');
const server = http.createServer(common.mustNotCall());
server.listen(0, common.mustSucceed(serverHandler.bind(null, server, msg)));
}