|
|
@ -43,6 +43,10 @@ var parsers = new FreeList('parsers', 1000, function() { |
|
|
|
parser._headers = []; |
|
|
|
parser._url = ''; |
|
|
|
|
|
|
|
// Limit incoming headers count as it may cause
|
|
|
|
// hash collision DoS
|
|
|
|
parser.maxHeadersCount = 1000; |
|
|
|
|
|
|
|
// Only called in the slow case where slow means
|
|
|
|
// that the request headers were either fragmented
|
|
|
|
// across multiple TCP packets or too large to be
|
|
|
@ -78,7 +82,14 @@ var parsers = new FreeList('parsers', 1000, function() { |
|
|
|
parser.incoming.httpVersion = info.versionMajor + '.' + info.versionMinor; |
|
|
|
parser.incoming.url = url; |
|
|
|
|
|
|
|
for (var i = 0, n = headers.length; i < n; i += 2) { |
|
|
|
var n = headers.length; |
|
|
|
|
|
|
|
// If parser.maxHeadersCount <= 0 - assume that there're no limit
|
|
|
|
if (parser.maxHeadersCount > 0) { |
|
|
|
n = Math.min(n, parser.maxHeadersCount << 1); |
|
|
|
} |
|
|
|
|
|
|
|
for (var i = 0; i < n; i += 2) { |
|
|
|
var k = headers[i]; |
|
|
|
var v = headers[i + 1]; |
|
|
|
parser.incoming._addHeaderLine(k.toLowerCase(), v); |
|
|
@ -1158,6 +1169,11 @@ ClientRequest.prototype.onSocket = function(socket) { |
|
|
|
parser.incoming = null; |
|
|
|
req.parser = parser; |
|
|
|
|
|
|
|
// Propagate headers limit from request object to parser
|
|
|
|
if (req.maxHeadersCount) { |
|
|
|
parser.maxHeadersCount = req.maxHeadersCount; |
|
|
|
} |
|
|
|
|
|
|
|
socket._httpMessage = req; |
|
|
|
// Setup "drain" propogation.
|
|
|
|
httpSocketSetup(socket); |
|
|
@ -1444,6 +1460,11 @@ function connectionListener(socket) { |
|
|
|
parser.socket = socket; |
|
|
|
parser.incoming = null; |
|
|
|
|
|
|
|
// Propagate headers limit from server instance to parser
|
|
|
|
if (this.maxHeadersCount) { |
|
|
|
parser.maxHeadersCount = this.maxHeadersCount; |
|
|
|
} |
|
|
|
|
|
|
|
socket.addListener('error', function(e) { |
|
|
|
self.emit('clientError', e); |
|
|
|
}); |
|
|
|