Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
test: add regression test for nghttp2 CVE-2018-1000168
PR-URL: nodejs-private/node-private#117 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com>
- Loading branch information
1 parent
01bc571
commit 0d79c84a839fb52ccb9e3f0c46541613a1d3db3a
Showing
with
49 additions
and 0 deletions.
| @@ -0,0 +1,39 @@ | ||
| 'use strict'; | ||
|
|
||
| const common = require('../common'); | ||
|
|
||
| if (!common.hasCrypto) | ||
| common.skip('missing crypto'); | ||
|
|
||
| const http2 = require('http2'); | ||
| const net = require('net'); | ||
| const h2test = require('../common/http2'); | ||
|
|
||
| const server = http2.createServer(); | ||
| server.on('stream', common.mustNotCall()); | ||
|
|
||
| const settings = new h2test.SettingsFrame(); | ||
| const settingsAck = new h2test.SettingsFrame(true); | ||
| const altsvc = new h2test.AltSvcFrame((1 << 14) + 1); | ||
|
|
||
| server.listen(0, () => { | ||
| const client = net.connect(server.address().port, () => { | ||
| client.write(h2test.kClientMagic, () => { | ||
| client.write(settings.data, () => { | ||
| client.write(settingsAck.data); | ||
| // Prior to nghttp2 1.31.1, sending this malformed altsvc frame | ||
| // would cause a segfault. This test is successful if a segfault | ||
| // does not occur. | ||
| client.write(altsvc.data, common.mustCall(() => { | ||
| client.destroy(); | ||
| })); | ||
| }); | ||
| }); | ||
| }); | ||
|
|
||
| // An error may or may not be emitted on the client side, we don't care | ||
| // either way if it is, but we don't want to die if it is. | ||
| client.on('error', () => {}); | ||
| client.on('close', common.mustCall(() => server.close())); | ||
| client.resume(); | ||
| }); |