mirror of https://github.com/lukechilds/node.git
Browse Source
Previously, the reason argument passed to ServerResponse#writeHead was not being properly validated. One could pass CRLFs which could lead to http response splitting. This commit changes the behavior to throw an error in the event any invalid characters are included in the reason. CVE-2016-5325 PR-URL: https://github.com/nodejs/node-private/pull/60 Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>v6
Evan Lucas
8 years ago
committed by
Rod Vagg
2 changed files with 49 additions and 0 deletions
@ -0,0 +1,46 @@ |
|||
'use strict'; |
|||
|
|||
const common = require('../common'); |
|||
const assert = require('assert'); |
|||
const http = require('http'); |
|||
|
|||
function explicit(req, res) { |
|||
assert.throws(() => { |
|||
res.writeHead(200, `OK\r\nContent-Type: text/html\r\n`); |
|||
}, /Invalid character in statusMessage/); |
|||
|
|||
assert.throws(() => { |
|||
res.writeHead(200, 'OK\u010D\u010AContent-Type: gotcha\r\n'); |
|||
}, /Invalid character in statusMessage/); |
|||
|
|||
res.statusMessage = 'OK'; |
|||
res.end(); |
|||
} |
|||
|
|||
function implicit(req, res) { |
|||
assert.throws(() => { |
|||
res.statusMessage = `OK\r\nContent-Type: text/html\r\n`; |
|||
res.writeHead(200); |
|||
}, /Invalid character in statusMessage/); |
|||
res.statusMessage = 'OK'; |
|||
res.end(); |
|||
} |
|||
|
|||
const server = http.createServer((req, res) => { |
|||
if (req.url === '/explicit') { |
|||
explicit(req, res); |
|||
} else { |
|||
implicit(req, res); |
|||
} |
|||
}).listen(common.PORT, common.mustCall(() => { |
|||
const url = `http://localhost:${common.PORT}`; |
|||
let left = 2; |
|||
const check = common.mustCall((res) => { |
|||
left--; |
|||
assert.notEqual(res.headers['content-type'], 'text/html'); |
|||
assert.notEqual(res.headers['content-type'], 'gotcha'); |
|||
if (left === 0) server.close(); |
|||
}, 2); |
|||
http.get(`${url}/explicit`, check).end(); |
|||
http.get(`${url}/implicit`, check).end(); |
|||
})); |
Loading…
Reference in new issue