mirror of
https://github.com/nodejs/node.git
synced 2024-11-21 21:19:50 +01:00
19839f8d98
The ABNF for chunk extensions as per RFC 7230 is
chunk-ext = *( ";" chunk-ext-name [ "=" chunk-ext-val ] )
chunk-ext-name = token
chunk-ext-val = token / quoted-string
Add a semicolon after the chunk size for clarity.
This does not invalidate the test as it verifies that the HTTP parser
does not ignore chunk extensions.
PR-URL: https://github.com/nodejs/node/pull/40487
Refs: https://grenfeldt.dev/2021/10/08/gunicorn-20.1.0-public-disclosure-of-request-smuggling
Reviewed-By: James M Snell <jasnell@gmail.com>
44 lines
963 B
JavaScript
44 lines
963 B
JavaScript
'use strict';
|
|
|
|
const common = require('../common');
|
|
const http = require('http');
|
|
const net = require('net');
|
|
const assert = require('assert');
|
|
|
|
// Verify that invalid chunk extensions cannot be used to perform HTTP request
|
|
// smuggling attacks.
|
|
|
|
const server = http.createServer(common.mustCall((request, response) => {
|
|
assert.notStrictEqual(request.url, '/admin');
|
|
response.end('hello world');
|
|
}), 1);
|
|
|
|
server.listen(0, common.mustCall(start));
|
|
|
|
function start() {
|
|
const sock = net.connect(server.address().port);
|
|
|
|
sock.write('' +
|
|
'GET / HTTP/1.1\r\n' +
|
|
'Host: localhost:8080\r\n' +
|
|
'Transfer-Encoding: chunked\r\n' +
|
|
'\r\n' +
|
|
'2;\n' +
|
|
'xx\r\n' +
|
|
'4c\r\n' +
|
|
'0\r\n' +
|
|
'\r\n' +
|
|
'GET /admin HTTP/1.1\r\n' +
|
|
'Host: localhost:8080\r\n' +
|
|
'Transfer-Encoding: chunked\r\n' +
|
|
'\r\n' +
|
|
'0\r\n' +
|
|
'\r\n'
|
|
);
|
|
|
|
sock.resume();
|
|
sock.on('end', common.mustCall(function() {
|
|
server.close();
|
|
}));
|
|
}
|