diff options
| author | Rod Vagg <rod@vagg.org> | 2018-11-15 09:50:34 +1100 |
|---|---|---|
| committer | Rod Vagg <rod@vagg.org> | 2018-11-28 11:36:34 +1100 |
| commit | f413f7c9cf5749c231c4b4e667dc2cbab959dd59 (patch) | |
| tree | 8020c66973c23ddfb84b080f353421eb941ef103 /src/node_http_parser.cc | |
| parent | 186035243fad247e3955fa0c202987cae99e82db (diff) | |
| download | android-node-v8-f413f7c9cf5749c231c4b4e667dc2cbab959dd59.tar.gz android-node-v8-f413f7c9cf5749c231c4b4e667dc2cbab959dd59.tar.bz2 android-node-v8-f413f7c9cf5749c231c4b4e667dc2cbab959dd59.zip | |
deps,http: llhttp set max header size to 8KB
CVE-2018-12121
As per nodejs-private/node-private#149 for http_parse but for llhttp
Ref: https://github.com/nodejs-private/node-private/pull/143
PR-URL: https://github.com/nodejs-private/node-private/pull/149
Reviewed-By: Matteo Collina <hello@matteocollina.com>
Diffstat (limited to 'src/node_http_parser.cc')
| -rw-r--r-- | src/node_http_parser.cc | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc index f752a003a2..dcc5d8744e 100644 --- a/src/node_http_parser.cc +++ b/src/node_http_parser.cc @@ -852,7 +852,7 @@ class Parser : public AsyncWrap, public StreamListener { static const parser_settings_t settings; #ifdef NODE_EXPERIMENTAL_HTTP - static const uint64_t kMaxHeaderSize = 80 * 1024; + static const uint64_t kMaxHeaderSize = 8 * 1024; #endif /* NODE_EXPERIMENTAL_HTTP */ }; |