
This commit fixes a memory leak when the socket is suddenly closed by the peer (without a GOAWAY notification) and when an invalid header is identified (by nghttp2) and the connection is terminated by the peer.

Refs: https://hackerone.com/reports/2841362
PR-URL: https://github.com/nodejs-private/node-private/pull/650
Reviewed-By: James M Snell <jasnell@gmail.com>
CVE-ID: CVE-2025-23085
'use strict';

// Test: an HTTP/2 server advertises extended CONNECT (enableConnectProtocol)
// and then tries to withdraw it. The client is expected to fail the session
// with a protocol error, fail the pending CONNECT request, and the server
// must never see a stream.
// NOTE(review): this file is listed next to the commit message for
// CVE-2025-23085 (leak when the peer terminates the connection). The
// assertions here cover only the error events, not memory release;
// confirm where the leak itself is exercised.

const common = require('../common');
if (!common.hasCrypto) {
  common.skip('missing crypto');
}
const assert = require('assert');
const http2 = require('http2');

const server = http2.createServer({
  settings: { enableConnectProtocol: true },
});

// The CONNECT request below must never surface as a stream on the server.
server.on('stream', common.mustNotCall());

server.on('session', common.mustCall((serverSession) => {
  // Extended CONNECT cannot be switched off once it has been enabled, so
  // sending this setting makes the server the misbehaving peer and forces
  // the connection to close.
  serverSession.settings({ enableConnectProtocol: false });
}));

server.listen(0, common.mustCall(() => {
  const client = http2.connect(`http://localhost:${server.address().port}`);

  client.on('remoteSettings', common.mustCall((remote) => {
    // The settings delivered to the client must still have extended CONNECT
    // enabled.
    assert(remote.enableConnectProtocol);

    const connectHeaders = {
      ':method': 'CONNECT',
      ':protocol': 'foo',
    };
    const connectStream = client.request(connectHeaders);

    // The request itself has to error out; close the server once it does.
    connectStream.on('error', common.mustCall(() => {
      server.close();
    }));
  }));

  // The session-level failure must be reported as an HTTP/2 protocol error.
  const expectedSessionError = {
    code: 'ERR_HTTP2_ERROR',
    name: 'Error',
    message: 'Protocol error',
  };
  client.on('error', common.expectsError(expectedSessionError));
}));