archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 21:58:48 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
44694 commits 55 branches 897 tags 2 GiB
Commit graph

5 commits

Author SHA1 Message Date
Paolo Insogna
04e16463d1 http: do not allow OBS fold in headers by default 
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Fixes: https://hackerone.com/reports/2237099
PR-URL: https://github.com/nodejs-private/node-private/pull/556
CVE-ID: CVE-2024-27982
 2024-04-03 11:38:30 -03:00
Paolo Insogna
2e92e5b71d http: disable chunked encoding when OBS fold is used 
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
PR-URL: #341
CVE-ID: CVE-2022-32213, CVE-2022-32215, CVE-2022-35256
 2022-09-23 12:37:02 -03:00
Anna Henningsen
febb5390aa
test: remove unnecessary .toString() calls in HTTP tests 
Let’s not have bad examples in our test suite and instead use the
proper way of converting stream data to UTF-8
(i.e. `stream.setEncoding('utf8')`) in all places.

PR-URL: https://github.com/nodejs/node/pull/43731
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
 2022-07-11 15:40:08 +01:00
Paolo Insogna
d9b71f4c24 http: stricter Transfer-Encoding and header separator parsing 
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/315
CVE-ID: CVE-2022-32215,CVE-2022-32214,CVE-2022-32212
 2022-07-07 13:20:40 -03:00
Matteo Collina
029703100f
http: add test for http transfer encoding smuggling 
CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 2021-01-04 16:56:30 +00:00