Skip to content

Commit

Permalink
http: add test for http transfer encoding smuggling
Browse files Browse the repository at this point in the history 
CVE-ID: CVE-2020-8287
Refs: nodejs-private/llhttp-private#3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: nodejs-private/node-private#228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
  • Loading branch information
@mcollina @BethGriggs
mcollina authored and BethGriggs committed Dec 24, 2020
1 parent 641f786 commit 7ecac81
Showing 1 changed file with 44 additions and 0 deletions.
44 changes: 44 additions & 0 deletions test/parallel/test-http-transfer-encoding-smuggling.js
View file
@@ -0,0 +1,44 @@
'use strict';

const common = require('../common');

const http = require('http');
const net = require('net');

const msg = [
'POST / HTTP/1.1',
'Host: 127.0.0.1',
'Transfer-Encoding: chunked',
'Transfer-Encoding: chunked-false',
'Connection: upgrade',
'',
'1',
'A',
'0',
'',
'GET /flag HTTP/1.1',
'Host: 127.0.0.1',
'',
'',
].join('\r\n');

// Verify that the server is called only once even with a smuggled request.

const server = http.createServer(common.mustCall((req, res) => {
res.end();
}, 1));

function send(next) {
const client = net.connect(server.address().port, 'localhost');
client.setEncoding('utf8');
client.on('error', common.mustNotCall());
client.on('end', next);
client.write(msg);
client.resume();
}

server.listen(0, common.mustSucceed(() => {
send(common.mustCall(() => {
server.close();
}));
}));

0 comments on commit 7ecac81

Please sign in to comment.