node/test/parallel/test-http-header-overflow.js
Paolo Insogna 2e92e5b71d http: disable chunked encoding when OBS fold is used
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
PR-URL: #341
CVE-ID: CVE-2022-32213, CVE-2022-32215, CVE-2022-35256
2022-09-23 12:37:02 -03:00


// Flags: --expose-internals
'use strict';
const { expectsError, mustCall } = require('../common');
const assert = require('assert');
const { createServer, maxHeaderSize } = require('http');
const { createConnection } = require('net');
// Raw pieces of a single GET request whose only header is deliberately
// larger than the HTTP parser accepts.
const CRLF = '\r\n';
const DUMMY_HEADER_NAME = 'Cookie: ';
// The full "Cookie: aaa..." line is maxHeaderSize + 2 bytes long, so it is
// past the limit exported by http. The server-side assertions in this test
// expect HPE_HEADER_OVERFLOW for it.
const DUMMY_HEADER_VALUE_LENGTH = maxHeaderSize - DUMMY_HEADER_NAME.length + 2;
const DUMMY_HEADER_VALUE = 'a'.repeat(DUMMY_HEADER_VALUE_LENGTH);
const PAYLOAD_GET = 'GET /blah HTTP/1.1';
// Request line, the oversized header line, then the empty line that ends the
// header section.
const PAYLOAD = [
  PAYLOAD_GET,
  DUMMY_HEADER_NAME + DUMMY_HEADER_VALUE,
  '',
  '',
].join(CRLF);
// Server under test. No request handler is installed: the request is expected
// to be rejected while its headers are still being parsed.
const server = createServer();

// Properties the parse error on the server-side socket must carry. This is
// only a plain description; expectsError() is still called once per
// connection below.
const EXPECTED_OVERFLOW_ERROR = {
  name: 'Error',
  message: 'Parse Error: Header overflow',
  code: 'HPE_HEADER_OVERFLOW',
  bytesParsed: maxHeaderSize + PAYLOAD_GET.length + CRLF.repeat(2).length + 1,
  rawPacket: Buffer.from(PAYLOAD),
};

function onServerConnection(socket) {
  // The oversized header must surface as an 'error' event on the socket
  // rather than reaching any request listener.
  socket.on('error', expectsError(EXPECTED_OVERFLOW_ERROR));
}

server.on('connection', mustCall(onServerConnection));
// Client side: send the oversized request over a raw TCP socket and check the
// exact bytes the server answers with before it closes the connection.
server.listen(0, mustCall(() => {
  const { port } = server.address();
  const client = createConnection(port);
  const expectedResponse =
    'HTTP/1.1 431 Request Header Fields Too Large\r\n' +
    'Connection: close\r\n\r\n';
  let responseText = '';

  const sendPayload = () => {
    client.write(PAYLOAD);
  };
  const collectChunk = (data) => {
    responseText += data.toString();
  };
  const verifyResponse = () => {
    // By the time the server has ended its side, the whole 431 response must
    // have arrived, with nothing else before or after it.
    assert.strictEqual(responseText, expectedResponse);
    client.end();
  };

  client.on('connect', mustCall(sendPayload));
  client.on('data', mustCall(collectChunk));
  client.on('end', mustCall(verifyResponse));
  // Shut the server down once the client socket is fully closed so the test
  // process can exit.
  client.on('close', mustCall(() => server.close()));
}));