archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

http: add maximum chunk extension size

Browse source 
PR-URL: https://github.com/nodejs-private/node-private/pull/518
Fixes: https://hackerone.com/reports/2233486
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2024-22019
This commit is contained in:
Paolo Insogna 2024-01-03 07:23:15 +01:00 committed by RafaelGSS
parent 834ae3785b
commit 03a5c34a82
3 changed files with 159 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/_http_server.js
View file

@ -866,6 +866,11 @@ const requestHeaderFieldsTooLargeResponse = Buffer.from(
'Connection: close\r\n\r\n', 'ascii',
);
const requestChunkExtensionsTooLargeResponse = Buffer.from(
`HTTP/1.1 413 ${STATUS_CODES[413]}\r\n` +
'Connection: close\r\n\r\n', 'ascii',
);
function socketOnError(e) {
// Ignore further errors
this.removeListener('error', socketOnError);
@ -886,6 +891,9 @@ function socketOnError(e) {
case 'HPE_HEADER_OVERFLOW':
response = requestHeaderFieldsTooLargeResponse;
break;
case 'HPE_CHUNK_EXTENSIONS_OVERFLOW':
response = requestChunkExtensionsTooLargeResponse;
break;
case 'ERR_HTTP_REQUEST_TIMEOUT':
response = requestTimeoutResponse;
break;