deps: reject interior blanks in Content-Length - android-node-v8.git

diff options

author	Ben Noordhuis <info@bnoordhuis.nl>	2018-03-27 16:45:33 +0200
committer	Myles Borins <mylesborins@google.com>	2018-03-28 12:24:20 -0400
commit	38b48a62b851f5895b50204dff0df7608b9fa848 (patch)
tree	1870cad67c73b0f1868ac9ab03add899172f4eaf /test/cctest
parent	32050065f15de0f2e68adb2387694c094da28ca2 (diff)
download	android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.tar.gz android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.tar.bz2 android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.zip

deps: reject interior blanks in Content-Length

Original commit message follows: Before this commit `Content-Length: 4 2` was accepted as a valid header and recorded as `parser->content_length = 42`. Now it is a parse error that fails with error `HPE_INVALID_CONTENT_LENGTH`. Downstream users that inspect `parser->content_length` and naively parse the string value using `strtoul()` might get confused by the discrepancy between the two values. Resolve that by simply not letting it happen. Fixes: https://github.com/nodejs-private/security/issues/178 PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1 Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Rod Vagg <rod@vagg.org>

Diffstat (limited to 'test/cctest')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: