From 7ecac8143f0a91785ed0bd3b4d9aab5d98419b41 Mon Sep 17 00:00:00 2001
From: Matteo Collina
Date: Thu, 22 Oct 2020 14:59:58 +0200
Subject: [PATCH] http: add test for http transfer encoding smuggling
CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny
Reviewed-By: Rich Trott
---
.../test-http-transfer-encoding-smuggling.js | 44 +++++++++++++++++++
1 file changed, 44 insertions(+)
create mode 100644 test/parallel/test-http-transfer-encoding-smuggling.js
diff --git a/test/parallel/test-http-transfer-encoding-smuggling.js b/test/parallel/test-http-transfer-encoding-smuggling.js
new file mode 100644
index 00000000000000..77e719d37e143e
--- /dev/null
+++ b/test/parallel/test-http-transfer-encoding-smuggling.js
@@ -0,0 +1,44 @@
+'use strict';
+
+const common = require('../common');
+
+const http = require('http');
+const net = require('net');
+
+const msg = [
+ 'POST / HTTP/1.1',
+ 'Host: 127.0.0.1',
+ 'Transfer-Encoding: chunked',
+ 'Transfer-Encoding: chunked-false',
+ 'Connection: upgrade',
+ '',
+ '1',
+ 'A',
+ '0',
+ '',
+ 'GET /flag HTTP/1.1',
+ 'Host: 127.0.0.1',
+ '',
+ '',
+].join('\r\n');
+
+// Verify that the server is called only once even with a smuggled request.
+
+const server = http.createServer(common.mustCall((req, res) => {
+ res.end();
+}, 1));
+
+function send(next) {
+ const client = net.connect(server.address().port, 'localhost');
+ client.setEncoding('utf8');
+ client.on('error', common.mustNotCall());
+ client.on('end', next);
+ client.write(msg);
+ client.resume();
+}
+
+server.listen(0, common.mustSucceed(() => {
+ send(common.mustCall(() => {
+ server.close();
+ }));
+}));
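Review bot: The `createServer` handler checks only how many times it runs (`common.mustCall(..., 1)`), so the test does not pin which of the two requests in `msg` reached it, and `client.resume()` in `send()` discards whatever the server answered. Adding `const assert = require('assert');` to the requires and `assert.strictEqual(req.url, '/');` inside the handler would ensure the single dispatch is the outer `POST /` and never the embedded `GET /flag`. The comment above `server` could also say that the two conflicting `Transfer-Encoding` headers are what make the body framing ambiguous, and that the test depends on the server closing the socket for `'end'` to fire, since the client never calls `end()` itself.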