mirror of
https://github.com/nodejs/node.git
synced 2025-05-09 01:30:25 +00:00
d9b71f4c24
Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> PR-URL: https://github.com/nodejs-private/node-private/pull/315 CVE-ID: CVE-2022-32215,CVE-2022-32214,CVE-2022-32212
41 lines
934 B
JavaScript
41 lines
934 B
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
|
|
// Test https://hackerone.com/reports/735748 is fixed.
|
|
|
|
const assert = require('assert');
|
|
const http = require('http');
|
|
const net = require('net');
|
|
|
|
const REQUEST_BB = `POST / HTTP/1.1
|
|
Content-Type: text/plain; charset=utf-8
|
|
Host: hacker.exploit.com
|
|
Connection: keep-alive
|
|
Content-Length: 10
|
|
Transfer-Encoding: eee, chunked
|
|
|
|
HELLOWORLDPOST / HTTP/1.1
|
|
Content-Type: text/plain; charset=utf-8
|
|
Host: hacker.exploit.com
|
|
Connection: keep-alive
|
|
Content-Length: 28
|
|
|
|
I AM A SMUGGLED REQUEST!!!
|
|
`;
|
|
|
|
const server = http.createServer(common.mustNotCall());
|
|
|
|
server.on('clientError', common.mustCall((err) => {
|
|
assert.strictEqual(err.code, 'HPE_UNEXPECTED_CONTENT_LENGTH');
|
|
server.close();
|
|
}));
|
|
|
|
server.listen(0, common.mustCall(() => {
|
|
const client = net.connect(
|
|
server.address().port,
|
|
common.mustCall(() => {
|
|
client.end(REQUEST_BB.replace(/\n/g, '\r\n'));
|
|
}));
|
|
}));
|