1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
nodejs/test/parallel/test-http-missing-header-separator-cr.js
Paolo Insogna d9b71f4c24 http: stricter Transfer-Encoding and header separator parsing 
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/315
CVE-ID: CVE-2022-32215,CVE-2022-32214,CVE-2022-32212
2022-07-07 13:20:40 -03:00

44 lines
929 B
JavaScript
Raw Blame History

'use strict';
const common = require('../common');
const assert = require('assert');
const http = require('http');
const net = require('net');
const msg = [
'GET / HTTP/1.1',
'Host: localhost',
'Dummy: x\nContent-Length: 23',
'',
'GET / HTTP/1.1',
'Dummy: GET /admin HTTP/1.1',
'Host: localhost',
'',
'',
].join('\r\n');
const server = http.createServer(common.mustNotCall());
server.listen(0, common.mustSucceed(() => {
const client = net.connect(server.address().port, 'localhost');
let response = '';
client.on('data', common.mustCall((chunk) => {
response += chunk.toString('utf-8');
}));
client.setEncoding('utf8');
client.on('error', common.mustNotCall());
client.on('end', common.mustCall(() => {
assert.strictEqual(
response,
'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n'
);
server.close();
}));
client.write(msg);
client.resume();
}));
Reference in New Issue View Git Blame Copy Permalink