Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: make HTTP_MAX_HEADER_SIZE configurable #24716

Closed
wants to merge 2 commits into from
Closed

build: make HTTP_MAX_HEADER_SIZE configurable #24716

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8311677
build: make HTTP_MAX_HEADER_SIZE configurable
mcollina Nov 29, 2018
c0293de
fixup
mcollina Nov 30, 2018
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
9 changes: 9 additions & 0 deletions configure.py
View file
Open in desktop
Expand Up @@ -189,6 +189,11 @@
dest='experimental_http_parser',
help='use llhttp instead of http_parser')

parser.add_option('--http-max-header-size',
action='store',
default='8192',
help='set the max size of HTTP headers [default: %default]')

shared_optgroup.add_option('--shared-http-parser',
action='store_true',
dest='shared_http_parser',
Expand Down Expand Up @@ -1594,7 +1599,11 @@ def make_bin_override():

configure_node(output)
configure_library('zlib', output)

# configure http_parser
configure_library('http_parser', output)
output['variables']['http_max_header_size'] = options.http_max_header_size

configure_library('libuv', output)
configure_library('libcares', output)
configure_library('nghttp2', output)
Expand Down
8 changes: 6 additions & 2 deletions deps/http_parser/http_parser.gyp
View file
Open in desktop
Expand Up @@ -47,6 +47,10 @@
],
},

'variables': {
'http_max_header_size%': '8192'
},

'targets': [
{
'target_name': 'http_parser',
Expand All @@ -56,7 +60,7 @@
'defines': [ 'HTTP_PARSER_STRICT=0' ],
'include_dirs': [ '.' ],
},
'defines': [ 'HTTP_MAX_HEADER_SIZE=8192', 'HTTP_PARSER_STRICT=0' ],
'defines': [ 'HTTP_MAX_HEADER_SIZE=<(http_max_header_size)', 'HTTP_PARSER_STRICT=0' ],
'sources': [ './http_parser.c', ],
'conditions': [
['OS=="win"', {
Expand All @@ -79,7 +83,7 @@
'defines': [ 'HTTP_PARSER_STRICT=1' ],
'include_dirs': [ '.' ],
},
'defines': [ 'HTTP_MAX_HEADER_SIZE=8192', 'HTTP_PARSER_STRICT=1' ],
'defines': [ 'HTTP_MAX_HEADER_SIZE=<(http_max_header_size)', 'HTTP_PARSER_STRICT=1' ],
mcollina marked this conversation as resolved.
Show resolved Hide resolved
'sources': [ './http_parser.c', ],
'conditions': [
['OS=="win"', {
Expand Down
6 changes: 5 additions & 1 deletion doc/api/errors.md
View file
Open in desktop
Expand Up @@ -1888,10 +1888,14 @@ changes:
-->

Too much HTTP header data was received. In order to protect against malicious or
malconfigured clients, if more than 8KB of HTTP header data is received then
malconfigured clients, if more than 8KB of HTTP/1 header data is received then
HTTP parsing will abort without a request or response object being created, and
an `Error` with this code will be emitted.

The maximum amount of HTTP/1 header data could be configured and changed
when building node by using `./configure --http-max-header-size=MAX`
for example.

<a id="MODULE_NOT_FOUND"></a>
### MODULE_NOT_FOUND

Expand Down
2 changes: 2 additions & 0 deletions node.gypi
View file
Open in desktop
Expand Up @@ -8,6 +8,7 @@
# all obj files in static libs into the executable or shared lib.
'variables': {
'variables': {
'http_max_header_size%': 8192,
'variables': {
'force_load%': 'true',
'current_type%': '<(_type)',
Expand Down Expand Up @@ -168,6 +169,7 @@
'dependencies': [ 'deps/llhttp/llhttp.gyp:llhttp' ],
}, {
'conditions': [ [ 'node_shared_http_parser=="false"', {
'defines': [ 'HTTP_MAX_HEADER_SIZE=<(http_max_header_size)' ],
'dependencies': [ 'deps/http_parser/http_parser.gyp:http_parser' ],
} ] ],
} ],
Expand Down