jiangcuo/node - node - Gitea: Git with a cup of tea

jiangcuo/node

Fork 0

mirror of https://github.com/nodejs/node.git synced 2025-05-06 20:08:02 +00:00

Commit Graph

Author	SHA1	Message	Date
Evan Lucas	ca5f8f80e3	http: check reason chars in writeHead Previously, the reason argument passed to ServerResponse#writeHead was not being properly validated. One could pass CRLFs which could lead to http response splitting. This commit changes the behavior to throw an error in the event any invalid characters are included in the reason. CVE-2016-5325 PR-URL: https://github.com/nodejs/node-private/pull/60 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>	2016-09-28 11:19:18 +10:00

Author

SHA1

Message

Date

Evan Lucas

ca5f8f80e3

http: check reason chars in writeHead

Previously, the reason argument passed to ServerResponse#writeHead was
not being properly validated.  One could pass CRLFs which could lead to
http response splitting. This commit changes the behavior to throw an
error in the event any invalid characters are included in the reason.

CVE-2016-5325

PR-URL: https://github.com/nodejs/node-private/pull/60
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>

2016-09-28 11:19:18 +10:00

1 Commits