mirrors/nodejs
mirrors/nodejs
0
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
Code Issues Releases Activity
26,431 Commits 52 Branches 857 Tags 1.8 GiB
ce265908eb
Commit Graph

65 Commits

Author SHA1 Message Date
cjihrig
cdcb1b7737
deps: cherry-pick http_parser_set_max_header_size 
This commit adds http_parser_set_max_header_size() to the
http-parser for overriding the compile time maximum HTTP
header size.

PR-URL: https://github.com/nodejs/node/pull/24811
Fixes: https://github.com/nodejs/node/issues/24692
Refs: https://github.com/nodejs/http-parser/pull/453
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com>
 2018-12-20 09:31:51 -05:00
Matteo Collina
186035243f deps,http: http_parser set max header size to 8KB 
CVE-2018-12121

PR-URL: https://github.com/nodejs-private/node-private/pull/143
Ref: https://github.com/nodejs-private/security/issues/139
Ref: https://github.com/nodejs-private/http-parser-private/pull/2
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
 2018-11-28 11:36:34 +11:00
Ben Noordhuis
38b48a62b8
deps: reject interior blanks in Content-Length 
Original commit message follows:

    Before this commit `Content-Length: 4 2` was accepted as a valid
    header and recorded as `parser->content_length = 42`.  Now it is
    a parse error that fails with error `HPE_INVALID_CONTENT_LENGTH`.

    Downstream users that inspect `parser->content_length` and naively
    parse the string value using `strtoul()` might get confused by the
    discrepancy between the two values.  Resolve that by simply not
    letting it happen.

Fixes: https://github.com/nodejs-private/security/issues/178
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
 2018-03-28 12:24:20 -04:00
Ben Noordhuis
32050065f1
deps: upgrade http-parser to v2.8.0 
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
 2018-03-28 12:24:20 -04:00
Fedor Indutny
7f14483352 deps: update to http-parser 2.7.0 
Adds `2` as a return value of `on_headers_complete`, this mode will be
used to fix handling responses to `CONNECT` requests.

See: https://github.com/nodejs/node/pull/6198
PR-URL: https://github.com/nodejs/node/pull/6279
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
 2016-04-19 11:47:39 -04:00
James M Snell
cf0b3dc3f0 deps: sync deps/http_parser with nodejs/http_parser 
The upstream and dep were slightly out of sync due to the way the
recent security update had to be done. This brings the two back
into sync. This update includes a couple of fixed tests and a
performance related semver-patch update to the http method parsing.

PR-URL: https://github.com/nodejs/node/pull/5600
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
 2016-03-08 14:11:12 -08:00
James M Snell
954a4b4b5b deps: update to http-parser 2.6.2 
Fixes http-parser regression with IS_HEADER_CHAR check
Add test case for obstext characters (> 0x80) is header

PR-URL: https://github.com/nodejs/node/pull/5237
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
 2016-02-15 12:45:17 -08:00
James M Snell
4f4c8ab3b4 deps: update http-parser to version 2.6.1 
includes parsing improvements to ensure closer HTTP spec conformance

PR-URL: https://github.com/nodejs/node-private/pull/26
Reviewed-By: Rod Vagg <r@va.gg>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2016-02-09 09:22:03 -08:00
James M Snell
d006d6aa46 deps: update http-parser to 2.6.0 
significant updates:

* [[`777ba4eded`](https://github.com/nodejs/node/commit/777ba4eded)] - **src**: introduce `http_parser_url_init` (Fedor Indutny) [nodejs/http-parser#225](https://github.com/nodejs/http-parser/pull/225)
* [[`e557b62744`](https://github.com/nodejs/node/commit/e557b62744)] - **src**: support LINK/UNLINK (RFC 2068, draft-snell-link-method) (Olivier Mengué) [nodejs/http-parser#267](https://github.com/nodejs/http-parser/pull/267)
* [[`eb5e9928b4`](https://github.com/nodejs/node/commit/eb5e9928b4)] - **src**: support ACL (WebDAV, RFC3744, Section 8.1). (Ivan Enderlin) [joyent/http-parser#260](https://github.com/joyent/http-parser/pull/260)
* [[`8b1d652322`](https://github.com/nodejs/node/commit/8b1d652322)] - **src**: support BIND/REBIND/UNBIND (WebDAV, RFC5842) (Ivan Enderlin) [joyent/http-parser#242](https://github.com/joyent/http-parser/pull/242)
* [[`7d75dd7325`](https://github.com/nodejs/node/commit/7d75dd7325)] - **src**: support IPv6 Zone ID as per RFC 6874 (Tatsuhiro Tsujikawa) [joyent/http-parser#253](https://github.com/joyent/http-parser/pull/253)

PR-URL: https://github.com/nodejs/node/pull/3569
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
 2015-11-03 13:08:05 -08:00
Fedor Indutny
b3a7da1091 deps: update http_parser to 2.5.0 
PR-URL: https://github.com/iojs/io.js/pull/1517
Reviewed-By: Brian White <mscdex@mscdex.net>
 2015-04-24 23:19:28 +02:00
Ben Noordhuis
660509694c deps: roll back http_parser to 2.3.0 
Commit 598efcbe ("deps: update http_parser to 2.4.1") introduced a
regression in HTTP Upgrade header handling.

Fixes: https://github.com/iojs/io.js/issues/627
PR-URL: https://github.com/iojs/io.js/pull/628
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
 2015-01-28 16:56:44 +01:00
Fedor Indutny
88aaff9aa6 deps: update http_parser to 2.4.2 
Fix: https://github.com/iojs/io.js/issues/588
PR-URL: https://github.com/iojs/io.js/pull/604
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2015-01-25 21:34:54 +03:00
Fedor Indutny
598efcbe7f deps: update http_parser to 2.4.1 
PR-URL: https://github.com/iojs/io.js/pull/397
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
 2015-01-15 00:13:40 +03:00
Fedor Indutny
bc8475f236 Revert "deps: update http_parser to 2.4.0" 
The commit breaks windows build and brings some test failures that needs
to be debugged.

This reverts commit d790f61221.
 2015-01-14 04:34:45 +03:00
Fedor Indutny
d790f61221 deps: update http_parser to 2.4.0 
PR-URL: https://github.com/iojs/io.js/pull/345
Reviewed-By: Rod Vagg <rod@vagg.org>
 2015-01-14 03:10:18 +03:00
Fedor Indutny
2f0017aa53 deps: update http_parser to 2.3.0 2014-07-23 23:08:46 +04:00
Fedor Indutny
597eb6a5ae deps: update http_parser to 2.2.1 
Main changes:

  * Fixed content-length and chunk-size overflow test
 2014-01-29 03:23:52 +04:00
Fedor Indutny
a35a2f0192 deps: update http_parser to 2.2 
Main changes:

* Added support for http statusMessage
 2013-12-20 17:33:29 +04:00
Ben Noordhuis
8d42c6344b deps: upgrade http_parser to 303c4e4 
Upgrade to joyent/http-parser@303c4e4. Changes:

  * Do not accept PUN/GEM methods as PUT/GET.
  * Further request method check strengthening.
 2013-08-21 03:40:43 +02:00
Ben Noordhuis
4784ea1a29 deps: upgrade http_parser to ad3b631 2012-08-30 00:06:47 +02:00
isaacs
ecca7525cc Merge remote-tracking branch 'ry/v0.6' into master 
Conflicts:
	AUTHORS
	ChangeLog
	LICENSE
	Makefile
	deps/http_parser/test.c
	deps/npm/AUTHORS
	deps/npm/html/api/bin.html
	deps/npm/html/api/bugs.html
	deps/npm/html/api/commands.html
	deps/npm/html/api/config.html
	deps/npm/html/api/deprecate.html
	deps/npm/html/api/docs.html
	deps/npm/html/api/edit.html
	deps/npm/html/api/explore.html
	deps/npm/html/api/help-search.html
	deps/npm/html/api/init.html
	deps/npm/html/api/install.html
	deps/npm/html/api/link.html
	deps/npm/html/api/load.html
	deps/npm/html/api/ls.html
	deps/npm/html/api/npm.html
	deps/npm/html/api/outdated.html
	deps/npm/html/api/owner.html
	deps/npm/html/api/pack.html
	deps/npm/html/api/prefix.html
	deps/npm/html/api/prune.html
	deps/npm/html/api/publish.html
	deps/npm/html/api/rebuild.html
	deps/npm/html/api/restart.html
	deps/npm/html/api/root.html
	deps/npm/html/api/run-script.html
	deps/npm/html/api/search.html
	deps/npm/html/api/shrinkwrap.html
	deps/npm/html/api/start.html
	deps/npm/html/api/stop.html
	deps/npm/html/api/submodule.html
	deps/npm/html/api/tag.html
	deps/npm/html/api/test.html
	deps/npm/html/api/uninstall.html
	deps/npm/html/api/unpublish.html
	deps/npm/html/api/update.html
	deps/npm/html/api/version.html
	deps/npm/html/api/view.html
	deps/npm/html/api/whoami.html
	deps/npm/html/doc/README.html
	deps/npm/html/doc/adduser.html
	deps/npm/html/doc/bin.html
	deps/npm/html/doc/bugs.html
	deps/npm/html/doc/build.html
	deps/npm/html/doc/bundle.html
	deps/npm/html/doc/cache.html
	deps/npm/html/doc/changelog.html
	deps/npm/html/doc/coding-style.html
	deps/npm/html/doc/completion.html
	deps/npm/html/doc/config.html
	deps/npm/html/doc/deprecate.html
	deps/npm/html/doc/developers.html
	deps/npm/html/doc/disputes.html
	deps/npm/html/doc/docs.html
	deps/npm/html/doc/edit.html
	deps/npm/html/doc/explore.html
	deps/npm/html/doc/faq.html
	deps/npm/html/doc/folders.html
	deps/npm/html/doc/help-search.html
	deps/npm/html/doc/help.html
	deps/npm/html/doc/index.html
	deps/npm/html/doc/init.html
	deps/npm/html/doc/install.html
	deps/npm/html/doc/json.html
	deps/npm/html/doc/link.html
	deps/npm/html/doc/list.html
	deps/npm/html/doc/npm.html
	deps/npm/html/doc/outdated.html
	deps/npm/html/doc/owner.html
	deps/npm/html/doc/pack.html
	deps/npm/html/doc/prefix.html
	deps/npm/html/doc/prune.html
	deps/npm/html/doc/publish.html
	deps/npm/html/doc/rebuild.html
	deps/npm/html/doc/registry.html
	deps/npm/html/doc/removing-npm.html
	deps/npm/html/doc/restart.html
	deps/npm/html/doc/root.html
	deps/npm/html/doc/run-script.html
	deps/npm/html/doc/scripts.html
	deps/npm/html/doc/search.html
	deps/npm/html/doc/semver.html
	deps/npm/html/doc/shrinkwrap.html
	deps/npm/html/doc/star.html
	deps/npm/html/doc/start.html
	deps/npm/html/doc/stop.html
	deps/npm/html/doc/submodule.html
	deps/npm/html/doc/tag.html
	deps/npm/html/doc/test.html
	deps/npm/html/doc/uninstall.html
	deps/npm/html/doc/unpublish.html
	deps/npm/html/doc/update.html
	deps/npm/html/doc/version.html
	deps/npm/html/doc/view.html
	deps/npm/html/doc/whoami.html
	deps/npm/lib/npm.js
	deps/npm/man/man1/npm.1
	deps/npm/man/man3/npm.3
	deps/npm/node_modules/fstream-npm/fstream-npm.js
	deps/npm/node_modules/fstream-npm/node_modules/fstream-ignore/package.json
	deps/npm/node_modules/fstream-npm/package.json
	deps/npm/node_modules/node-gyp/LICENSE
	deps/npm/node_modules/node-gyp/lib/build.js
	deps/npm/node_modules/node-gyp/lib/install.js
	deps/npm/node_modules/node-gyp/node_modules/ansi/package.json
	deps/npm/node_modules/node-gyp/node_modules/glob/package.json
	deps/npm/node_modules/node-gyp/package.json
	deps/npm/package.json
	deps/uv/test/test-fs.c
	deps/v8/src/regexp-macro-assembler-tracer.cc
	deps/v8/src/version.cc
	src/node_version.h
	src/platform_sunos.cc
	test/simple/test-net-write-after-close.js
	wscript
 2012-04-18 11:57:54 -07:00
Ben Noordhuis
d03b80bc12 deps: upgrade http_parser to joyent/http-parser@da91852 2012-04-14 23:12:36 +02:00
Ben Noordhuis
44527e6023 deps: upgrade http_parser to joyent/http-parser@b47c44d 2012-03-17 16:22:39 +01:00
Ben Noordhuis
79cbe1fdbb deps: upgrade http_parser to 8bec3ea 2012-03-12 02:20:52 +01:00
Ben Noordhuis
f0c5165f81 http_parser: upgrade to 62110ef 2012-02-20 16:12:33 +01:00
Ryan Dahl
3abebfea98 Upgrade http-parser to joyent/http-parser@2498961 2011-11-22 12:56:01 -08:00
Peter Bright
16788f461a Rename gyp files to produce useful solution names. 
Hoist common settings into common.gypi.

Restrict v8's common.gypi to v8 projects.

Ensure v8 doesn't use /MP in debug builds.

Add basic settings for other platforms.

Make uv import common.gypi properly.

Remove LTCG warning.
 2011-08-13 19:57:42 -07:00
Peter Bright
6ac8c55989 Make MSVS build. 
MSVS settings don't actually need to be guarded by conditions. gyp will do
the right thing.
 2011-08-06 22:39:28 -07:00
Ryan Dahl
610436f242 clean merge scabs 2011-08-06 03:46:41 -07:00
Ryan Dahl
518430db3a WIP 2011-08-06 03:12:05 -07:00
Ryan Dahl
4f3c8b3972 WIP 2011-08-06 03:11:33 -07:00
Ryan Dahl
c3ccbea5cd Upgrade http_parser to 965f91bc76b2d1601e23 2011-08-06 03:04:42 -07:00
Ryan Dahl
4956e3c0a2 Upgrade http-parser to eee60127c0df551be085cc8e7983e36d7700d885 2011-06-03 14:12:14 +02:00
Ryan Dahl
e42c74e141 Upgrade http-parser 2011-02-04 18:03:26 -08:00
Tom Hughes
446beebd79 Add cmake build support. 
Squashed commit of ca128f7dcd28cbcfba154c8577ed54d4aa71dd02 with
contributions from Mark Constable (markc@renta.net) and Daniel Gröber
(darklord@darkboxed.org).
 2010-11-22 13:32:49 -08:00
Ryan Dahl
d695486185 Upgrade http-parser 2010-11-21 21:39:14 -08:00
Ryan Dahl
d23643051e Upgrade http-parser again 2010-11-10 22:12:47 -08:00
Ryan Dahl
8285f12864 Upgrade http-parser 2010-11-09 15:02:18 -08:00
Nathan Rajlich
9b1ff070e6 Upgrade http-parser with a fix for spaces in headers 2010-10-13 02:47:10 -07:00
Ryan Dahl
e59b3f0eb3 Upgrade http-parser for clang compat 2010-07-31 14:32:59 -07:00
Ryan Dahl
23cf556c6c Upgrade http-parser 
support for
- long messages
- spaces in header fields
 2010-07-26 15:02:20 -07:00
Ryan Dahl
11a784d6da Upgrade http-parser 2010-07-17 01:22:16 -07:00
Ryan Dahl
8825c74e7a Upgrade http-parser 2010-06-23 21:10:13 -07:00
Ryan Dahl
9be6c501ec Upgrade http-parser 2010-06-06 17:41:03 -07:00
Ryan Dahl
2fca40e44f Upgrade http-parser 2010-05-25 19:25:35 -07:00
Ryan Dahl
f919216446 Upgrade http-parser, fixes issue 77 
http://github.com/ry/node/issues#issue/77
 2010-04-28 23:28:52 -07:00
Ryan Dahl
af49187e57 Upgrade http-parser 2010-04-14 03:22:38 -07:00
Ryan Dahl
54d4efd44b Upgrade http-parser 
Now at version 6f72c780f0a237a775150a9963bcdf5299685cde
 2010-03-22 09:00:43 -07:00
Ryan Dahl
ce4204a069 Upgrade http-parser 
Fixes, among other things, a header overflow attack.
 2010-02-02 16:40:59 -08:00
Ryan Dahl
c9e21435c0 Upgrade http-parser 2010-01-09 01:52:49 -08:00