http2: handle 0-length headers better - android-node-v8.git - Fork of Node.JS that build on Android

diff options

author	Anna Henningsen <anna@addaleax.net>	2019-08-10 23:10:54 +0200
committer	Michaël Zasso <targos@protonmail.com>	2019-08-15 09:51:52 +0200
commit	b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9 (patch)
tree	ee010c753c6f748befb870fc6873313a54636f4c /src/node_http2.h
parent	a54af9e1888c01f9a9553eb0e91664a249cabe96 (diff)
download	android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.tar.gz android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.tar.bz2 android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.zip

http2: handle 0-length headers better

Ignore headers with 0-length names and track memory for headers the way we track it for other HTTP/2 session memory too. This is intended to mitigate CVE-2019-9516. PR-URL: https://github.com/nodejs/node/pull/29122 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>

Diffstat (limited to 'src/node_http2.h')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: