http2: do not allow socket manipulation

Because of the specific serialization and processing requirements
of HTTP/2, sockets should not be directly manipulated. This
forbids any interactions with destroy, emit, end, pause, read,
resume and write methods of the socket. It also redirects
setTimeout to session instead of socket.

PR-URL: https://github.com/nodejs/node/pull/16330
Fixes: https://github.com/nodejs/node/issues/16252
Refs: https://github.com/nodejs/node/pull/16211
Reviewed-By: James M Snell <jasnell@gmail.com>

1 files changed, 88 insertions, 0 deletions

diff --git a/test/parallel/test-http2-socket-proxy.js b/test/parallel/test-http2-socket-proxy.js
new file mode 100644
index 0000000000..60f3183779
--- /dev/null
+++ b/test/parallel/test-http2-socket-proxy.js
@@ -0,0 +1,88 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+const assert = require('assert');
+const h2 = require('http2');
+const net = require('net');
+
+// Tests behaviour of the proxied socket on Http2Session
+
+const errMsg = {
+  code: 'ERR_HTTP2_NO_SOCKET_MANIPULATION',
+  type: Error,
+  message: 'HTTP/2 sockets should not be directly manipulated ' +
+           '(e.g. read and written)'
+};
+
+const server = h2.createServer();
+
+server.on('stream', common.mustCall(function(stream, headers) {
+  const socket = stream.session.socket;
+  const session = stream.session;
+
+  assert.ok(socket instanceof net.Socket);
+
+  assert.strictEqual(socket.writable, true);
+  assert.strictEqual(socket.readable, true);
+  assert.strictEqual(typeof socket.address(), 'object');
+
+  socket.setTimeout(987);
+  assert.strictEqual(session._idleTimeout, 987);
+
+  common.expectsError(() => socket.destroy, errMsg);
+  common.expectsError(() => socket.emit, errMsg);
+  common.expectsError(() => socket.end, errMsg);
+  common.expectsError(() => socket.pause, errMsg);
+  common.expectsError(() => socket.read, errMsg);
+  common.expectsError(() => socket.resume, errMsg);
+  common.expectsError(() => socket.write, errMsg);
+
+  common.expectsError(() => (socket.destroy = undefined), errMsg);
+  common.expectsError(() => (socket.emit = undefined), errMsg);
+  common.expectsError(() => (socket.end = undefined), errMsg);
+  common.expectsError(() => (socket.pause = undefined), errMsg);
+  common.expectsError(() => (socket.read = undefined), errMsg);
+  common.expectsError(() => (socket.resume = undefined), errMsg);
+  common.expectsError(() => (socket.write = undefined), errMsg);
+
+  assert.doesNotThrow(() => (socket.on = socket.on));
+  assert.doesNotThrow(() => (socket.once = socket.once));
+
+  stream.respond();
+
+  socket.writable = 0;
+  socket.readable = 0;
+  assert.strictEqual(socket.writable, 0);
+  assert.strictEqual(socket.readable, 0);
+
+  stream.session.destroy();
+
+  socket.setTimeout = undefined;
+  assert.strictEqual(session.setTimeout, undefined);
+
+  stream.session.on('close', common.mustCall(() => {
+    assert.strictEqual(session.socket, undefined);
+  }));
+}));
+
+server.listen(0, common.mustCall(function() {
+  const port = server.address().port;
+  const url = `http://localhost:${port}`;
+  const client = h2.connect(url, common.mustCall(() => {
+    const headers = {
+      ':path': '/',
+      ':method': 'GET',
+      ':scheme': 'http',
+      ':authority': `localhost:${port}`
+    };
+    const request = client.request(headers);
+    request.on('end', common.mustCall(() => {
+      client.destroy();
+      server.close();
+    }));
+    request.end();
+    request.resume();
+  }));
+}));