mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 10:59:27 +00:00
e9ff81016d
PR-URL: https://github.com/nodejs/node/pull/48981 Reviewed-By: Robert Nagy <ronagy@icloud.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com> Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
91 lines
2.2 KiB
JavaScript
91 lines
2.2 KiB
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
const http = require('http');
|
|
const net = require('net');
|
|
const assert = require('assert');
|
|
|
|
// Verify that arbitrary characters after a \r cannot be used to perform HTTP request smuggling attacks.
|
|
|
|
{
|
|
const server = http.createServer(common.mustNotCall());
|
|
|
|
server.listen(0, common.mustCall(() => {
|
|
const client = net.connect(server.address().port);
|
|
let response = '';
|
|
|
|
client.on('data', common.mustCall((chunk) => {
|
|
response += chunk;
|
|
}));
|
|
|
|
client.setEncoding('utf8');
|
|
client.on('error', common.mustNotCall());
|
|
client.on('end', common.mustCall(() => {
|
|
assert.strictEqual(
|
|
response,
|
|
'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n'
|
|
);
|
|
server.close();
|
|
}));
|
|
|
|
client.write('' +
|
|
'GET / HTTP/1.1\r\n' +
|
|
'Connection: close\r\n' +
|
|
'Host: a\r\n\rZ\r\n' + // Note the Z at the end of the line instead of a \n
|
|
'GET /evil: HTTP/1.1\r\n' +
|
|
'Host: a\r\n\r\n'
|
|
);
|
|
|
|
client.resume();
|
|
}));
|
|
}
|
|
|
|
{
|
|
const server = http.createServer((request, response) => {
|
|
// Since chunk parsing failed, none of this should be called
|
|
|
|
request.on('data', common.mustNotCall());
|
|
request.on('end', common.mustNotCall());
|
|
});
|
|
|
|
server.listen(0, common.mustCall(() => {
|
|
const client = net.connect(server.address().port);
|
|
let response = '';
|
|
|
|
client.on('data', common.mustCall((chunk) => {
|
|
response += chunk;
|
|
}));
|
|
|
|
client.setEncoding('utf8');
|
|
client.on('error', common.mustNotCall());
|
|
client.on('end', common.mustCall(() => {
|
|
assert.strictEqual(
|
|
response,
|
|
'HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n'
|
|
);
|
|
server.close();
|
|
}));
|
|
|
|
client.write('' +
|
|
'GET / HTTP/1.1\r\n' +
|
|
'Host: a\r\n' +
|
|
'Connection: close \r\n' +
|
|
'Transfer-Encoding: chunked \r\n' +
|
|
'\r\n' +
|
|
'5\r\r;ABCD\r\n' + // Note the second \r instead of \n after the chunk length
|
|
'34\r\n' +
|
|
'E\r\n' +
|
|
'0\r\n' +
|
|
'\r\n' +
|
|
'GET / HTTP/1.1 \r\n' +
|
|
'Host: a\r\n' +
|
|
'Content-Length: 5\r\n' +
|
|
'\r\n' +
|
|
'0\r\n' +
|
|
'\r\n'
|
|
);
|
|
|
|
client.resume();
|
|
}));
|
|
}
|