Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Loading…

Some URLs can crash the proxy server #415

Open
ruquay opened this Issue · 0 comments

1 participant

@ruquay

It's possible to crash the proxy server using certain URLs in the HTTP request. If the URL causes require("url").parse to return a result with null pathname, such as the one below, the proxy server will crash due to a null reference.

// instantiate HTTP server to actually serve requests
var http = require("http");
http.createServer(function(req, res){
    res.writeHead(200, {"Content-type": "text/plain"});
    res.end("Request proxied\n" + JSON.stringify(req.headers, true, 2));
}).listen(8081);
// proxy server in front of above server
var httpProxy = require("http-proxy");
httpProxy.createServer({ router: { ".*": "127.0.0.1:8081" } }).listen(8080);

// make some requests
var urls = [
    // directly on first server
    "http://localhost:8081/good-url",
    "http://localhost:8081//bad-url?e=a@b",
    // via the proxy server
    "http://localhost:8080/good-url",
    "http://localhost:8080//bad-url?e=a@b" // crashes the proxy server
];
var next = function() {
    var url = urls.shift();
    console.log("GET %s", url);
    http.get(url, function(){
        console.log("OK: %s", url);
        if ( urls.length ) { next(); }
    });
};
next();
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.