|
|
|
// Flags: --security-revert=CVE-2016-2216
|
|
|
|
'use strict';
|
|
|
|
const common = require('../common');
|
|
|
|
const assert = require('assert');
|
|
|
|
const http = require('http');
|
|
|
|
|
|
|
|
var testIndex = 0;
|
|
|
|
const testCount = 2 * 4 * 6;
|
|
|
|
const responseBody = 'Hi mars!';
|
|
|
|
|
|
|
|
var server = http.createServer(function(req, res) {
|
|
|
|
function reply(header) {
|
|
|
|
switch (testIndex % 4) {
|
|
|
|
case 0:
|
|
|
|
res.writeHead(200, { a: header, b: header });
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
res.setHeader('a', header);
|
|
|
|
res.setHeader('b', header);
|
|
|
|
res.writeHead(200);
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
res.setHeader('a', header);
|
|
|
|
res.writeHead(200, { b: header });
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
res.setHeader('a', [header]);
|
|
|
|
res.writeHead(200, { b: header });
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
assert.fail(null, null, 'unreachable');
|
|
|
|
}
|
|
|
|
res.write(responseBody);
|
|
|
|
if (testIndex % 8 < 4) {
|
|
|
|
res.addTrailers({ ta: header, tb: header });
|
|
|
|
} else {
|
|
|
|
res.addTrailers([['ta', header], ['tb', header]]);
|
|
|
|
}
|
|
|
|
res.end();
|
|
|
|
}
|
|
|
|
switch ((testIndex / 8) | 0) {
|
|
|
|
case 0:
|
|
|
|
reply('foo \r\ninvalid: bar');
|
|
|
|
break;
|
|
|
|
case 1:
|
|
|
|
reply('foo \ninvalid: bar');
|
|
|
|
break;
|
|
|
|
case 2:
|
|
|
|
reply('foo \rinvalid: bar');
|
|
|
|
break;
|
|
|
|
case 3:
|
|
|
|
reply('foo \n\n\ninvalid: bar');
|
|
|
|
break;
|
|
|
|
case 4:
|
|
|
|
reply('foo \r\n \r\n \r\ninvalid: bar');
|
|
|
|
break;
|
|
|
|
case 5:
|
|
|
|
reply('foo \r \n \r \n \r \ninvalid: bar');
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
assert(false);
|
|
|
|
}
|
|
|
|
if (++testIndex === testCount) {
|
|
|
|
server.close();
|
|
|
|
}
|
|
|
|
});
|
|
|
|
|
|
|
|
server.listen(0, common.mustCall(function() {
|
|
|
|
const port = this.address().port;
|
|
|
|
for (var i = 0; i < testCount; i++) {
|
|
|
|
http.get({ port: port, path: '/' }, common.mustCall(function(res) {
|
|
|
|
assert.strictEqual(res.headers.a, 'foo invalid: bar');
|
|
|
|
assert.strictEqual(res.headers.b, 'foo invalid: bar');
|
|
|
|
assert.strictEqual(res.headers.foo, undefined);
|
|
|
|
assert.strictEqual(res.headers.invalid, undefined);
|
|
|
|
var data = '';
|
|
|
|
res.setEncoding('utf8');
|
|
|
|
res.on('data', function(s) { data += s; });
|
|
|
|
res.on('end', common.mustCall(function() {
|
|
|
|
assert.equal(data, responseBody);
|
|
|
|
assert.strictEqual(res.trailers.ta, 'foo invalid: bar');
|
|
|
|
assert.strictEqual(res.trailers.tb, 'foo invalid: bar');
|
|
|
|
assert.strictEqual(res.trailers.foo, undefined);
|
|
|
|
assert.strictEqual(res.trailers.invalid, undefined);
|
|
|
|
}));
|
|
|
|
res.resume();
|
|
|
|
}));
|
|
|
|
}
|
|
|
|
}));
|