jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-01 17:03:34 +00:00
Code Issues Actions 25 Packages Projects Releases Wiki Activity
36,947 Commits 59 Branches 878 Tags 2.1 GiB
cb15fc56d8
Commit Graph

2 Commits

Author SHA1 Message Date
Anna Henningsen
e876c0c308
http2: add support for sensitive headers 
Add support for “sensitive”/“never-indexed” HTTP2 headers.

Fixes: https://github.com/nodejs/node/issues/34091

PR-URL: https://github.com/nodejs/node/pull/34145
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
 2020-07-16 00:25:47 +02:00
Anna Henningsen
b4cfa521b8
http2: handle 0-length headers better 
Ignore headers with 0-length names and track memory for headers
the way we track it for other HTTP/2 session memory too.

This is intended to mitigate CVE-2019-9516.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2019-08-15 09:51:52 +02:00