diff options
author | Ben Noordhuis <info@bnoordhuis.nl> | 2018-03-27 16:45:33 +0200 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2018-03-28 12:24:20 -0400 |
commit | 38b48a62b851f5895b50204dff0df7608b9fa848 (patch) | |
tree | 1870cad67c73b0f1868ac9ab03add899172f4eaf /test/cctest | |
parent | 32050065f15de0f2e68adb2387694c094da28ca2 (diff) | |
download | android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.tar.gz android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.tar.bz2 android-node-v8-38b48a62b851f5895b50204dff0df7608b9fa848.zip |
deps: reject interior blanks in Content-Length
Original commit message follows:
Before this commit `Content-Length: 4 2` was accepted as a valid
header and recorded as `parser->content_length = 42`. Now it is
a parse error that fails with error `HPE_INVALID_CONTENT_LENGTH`.
Downstream users that inspect `parser->content_length` and naively
parse the string value using `strtoul()` might get confused by the
discrepancy between the two values. Resolve that by simply not
letting it happen.
Fixes: https://github.com/nodejs-private/security/issues/178
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Diffstat (limited to 'test/cctest')
0 files changed, 0 insertions, 0 deletions