diff options
author | Anna Henningsen <anna@addaleax.net> | 2019-08-10 23:10:54 +0200 |
---|---|---|
committer | Michaƫl Zasso <targos@protonmail.com> | 2019-08-15 09:51:52 +0200 |
commit | b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9 (patch) | |
tree | ee010c753c6f748befb870fc6873313a54636f4c /src/node_http2.h | |
parent | a54af9e1888c01f9a9553eb0e91664a249cabe96 (diff) | |
download | android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.tar.gz android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.tar.bz2 android-node-v8-b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9.zip |
http2: handle 0-length headers better
Ignore headers with 0-length names and track memory for headers
the way we track it for other HTTP/2 session memory too.
This is intended to mitigate CVE-2019-9516.
PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_http2.h')
0 files changed, 0 insertions, 0 deletions