Skip to content

Commit c5dbe83

Browse files
mcollinaBethGriggs
mcollina
authored and
BethGriggs
committed
http: add test for http transfer encoding smuggling
CVE-ID: CVE-2020-8287 Refs: nodejs-private/llhttp-private#3 Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs PR-URL: nodejs-private/node-private#228 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
1 parent e0c9a22 commit c5dbe83

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

test/parallel/test-http-transfer-encoding-smuggling.js

+44
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
'use strict';
2+
3+
const common = require('../common');
4+
5+
const http = require('http');
6+
const net = require('net');
7+
8+
const msg = [
9+
'POST / HTTP/1.1',
10+
'Host: 127.0.0.1',
11+
'Transfer-Encoding: chunked',
12+
'Transfer-Encoding: chunked-false',
13+
'Connection: upgrade',
14+
'',
15+
'1',
16+
'A',
17+
'0',
18+
'',
19+
'GET /flag HTTP/1.1',
20+
'Host: 127.0.0.1',
21+
'',
22+
'',
23+
].join('\r\n');
24+
25+
// Verify that the server is called only once even with a smuggled request.
26+
27+
const server = http.createServer(common.mustCall((req, res) => {
28+
res.end();
29+
}, 1));
30+
31+
function send(next) {
32+
const client = net.connect(server.address().port, 'localhost');
33+
client.setEncoding('utf8');
34+
client.on('error', common.mustNotCall());
35+
client.on('end', next);
36+
client.write(msg);
37+
client.resume();
38+
}
39+
40+
server.listen(0, common.mustSucceed(() => {
41+
send(common.mustCall(() => {
42+
server.close();
43+
}));
44+
}));

0 commit comments

Comments
 (0)