http: disable chunked encoding when OBS fold is used

Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> PR-URL: #341 CVE-ID: CVE-2022-32213, CVE-2022-32215, CVE-2022-35256
2025-08-16 14:18:44 +02:00 · 2022-09-19 14:37:21 +02:00 · 2022-09-19 14:37:21 +02:00 · 2e92e5b71d
commit 2e92e5b71d
parent 5cc36c39d2
6 changed files with 379 additions and 287 deletions
--- a/test/parallel/test-http-header-overflow.js
+++ b/test/parallel/test-http-header-overflow.js
@ -6,13 +6,11 @@ const assert = require('assert');
 const { createServer, maxHeaderSize } = require('http');
 const { createConnection } = require('net');

-const { getOptionValue } = require('internal/options');
-
 const CRLF = '\r\n';
 const DUMMY_HEADER_NAME = 'Cookie: ';
 const DUMMY_HEADER_VALUE = 'a'.repeat(
  // Plus one is to make it 1 byte too big
-  maxHeaderSize - DUMMY_HEADER_NAME.length - (2 * CRLF.length) + 1
+  maxHeaderSize - DUMMY_HEADER_NAME.length + 2
 );
 const PAYLOAD_GET = 'GET /blah HTTP/1.1';
 const PAYLOAD = PAYLOAD_GET + CRLF +
@ -21,14 +19,11 @@ const PAYLOAD = PAYLOAD_GET + CRLF +
 const server = createServer();

 server.on('connection', mustCall((socket) => {
-  // Legacy parser gives sligthly different response.
-  // This discripancy is not fixed on purpose.
-  const legacy = getOptionValue('--http-parser') === 'legacy';
  socket.on('error', expectsError({
    name: 'Error',
    message: 'Parse Error: Header overflow',
    code: 'HPE_HEADER_OVERFLOW',
-    bytesParsed: maxHeaderSize + PAYLOAD_GET.length - (legacy ? -1 : 0),
+    bytesParsed: maxHeaderSize + PAYLOAD_GET.length + (CRLF.length * 2) + 1,
    rawPacket: Buffer.from(PAYLOAD)
  }));
 }));