-
Notifications
You must be signed in to change notification settings - Fork 2.1k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
http-parser: update to 2.9.4.20201223
This is a pseudo-version to integrate upstream changes that haven't been given a version number, as well as a patch from nodejs to fix CVE-2020-8287.
- Loading branch information
Showing
2 changed files
with
63 additions
and
4 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,56 @@ | ||
Upstream: no | ||
Patch from NodeJS's vendored version: | ||
https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e | ||
|
||
--- http_parser.c | ||
+++ http_parser.c | ||
@@ -1344,6 +1344,13 @@ size_t http_parser_execute (http_parser *parser, | ||
} else if (parser->index == sizeof(TRANSFER_ENCODING)-2) { | ||
parser->header_state = h_transfer_encoding; | ||
parser->uses_transfer_encoding = 1; | ||
+ | ||
+ /* Multiple `Transfer-Encoding` headers should be treated as | ||
+ * one, but with values separate by a comma. | ||
+ * | ||
+ * See: https://tools.ietf.org/html/rfc7230#section-3.2.2 | ||
+ */ | ||
+ parser->flags &= ~F_CHUNKED; | ||
} | ||
break; | ||
|
||
--- test.c | ||
+++ test.c | ||
@@ -2154,6 +2154,32 @@ const struct message responses[] = | ||
,.body= "2\r\nOK\r\n0\r\n\r\n" | ||
,.num_chunks_complete= 0 | ||
} | ||
+#define HTTP_200_DUPLICATE_TE_NOT_LAST_CHUNKED 30 | ||
+, {.name= "HTTP 200 response with `chunked` and duplicate Transfer-Encoding" | ||
+ ,.type= HTTP_RESPONSE | ||
+ ,.raw= "HTTP/1.1 200 OK\r\n" | ||
+ "Transfer-Encoding: chunked\r\n" | ||
+ "Transfer-Encoding: identity\r\n" | ||
+ "\r\n" | ||
+ "2\r\n" | ||
+ "OK\r\n" | ||
+ "0\r\n" | ||
+ "\r\n" | ||
+ ,.should_keep_alive= FALSE | ||
+ ,.message_complete_on_eof= TRUE | ||
+ ,.http_major= 1 | ||
+ ,.http_minor= 1 | ||
+ ,.status_code= 200 | ||
+ ,.response_status= "OK" | ||
+ ,.content_length= -1 | ||
+ ,.num_headers= 2 | ||
+ ,.headers= | ||
+ { { "Transfer-Encoding", "chunked" } | ||
+ , { "Transfer-Encoding", "identity" } | ||
+ } | ||
+ ,.body= "2\r\nOK\r\n0\r\n\r\n" | ||
+ ,.num_chunks_complete= 0 | ||
+ } | ||
}; | ||
|
||
/* strnlen() is a POSIX.2008 addition. Can't rely on it being available so | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters