mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
ee618a7ab2
CVE-2018-12122 An attacker can send a char/s within headers and exahust the resources (file descriptors) of a system even with a tight max header length protection. This PR destroys a socket if it has not received the headers in 40s. PR-URL: https://github.com/nodejs-private/node-private/pull/144 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: James M Snell <jasnell@gmail.com>
40 lines
653 B
JavaScript
40 lines
653 B
JavaScript
'use strict';
|
|
|
|
const { setUnrefTimeout } = require('internal/timers');
|
|
|
|
var nowCache;
|
|
var utcCache;
|
|
|
|
function nowDate() {
|
|
if (!nowCache) cache();
|
|
return nowCache;
|
|
}
|
|
|
|
function utcDate() {
|
|
if (!utcCache) cache();
|
|
return utcCache;
|
|
}
|
|
|
|
function cache() {
|
|
const d = new Date();
|
|
nowCache = d.valueOf();
|
|
utcCache = d.toUTCString();
|
|
setUnrefTimeout(resetCache, 1000 - d.getMilliseconds());
|
|
}
|
|
|
|
function resetCache() {
|
|
nowCache = undefined;
|
|
utcCache = undefined;
|
|
}
|
|
|
|
function ondrain() {
|
|
if (this._httpMessage) this._httpMessage.emit('drain');
|
|
}
|
|
|
|
module.exports = {
|
|
outHeadersKey: Symbol('outHeadersKey'),
|
|
ondrain,
|
|
nowDate,
|
|
utcDate
|
|
};
|