http2: add invalidheaders test
Refs: #29829

PR-URL: #33161
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Denys Otrishko <shishugi@gmail.com>
rexagod authored and mcollina committed Jun 17, 2020
1 parent ee7f0e3 commit 1e4187f
Showing 4 changed files with 84 additions and 9 deletions.
2 changes: 1 addition & 1 deletion lib/internal/http2/compat.js
@@ -73,7 +73,7 @@ let statusConnectionHeaderWarned = false;
// close as possible to the current require('http') API

const assertValidHeader = hideStackFrames((name, value) => {
if (name === '' || typeof name !== 'string') {
if (name === '' || typeof name !== 'string' || name.indexOf(' ') >= 0) {
throw new ERR_INVALID_HTTP_TOKEN('Header name', name);
}
if (isPseudoHeader(name)) {
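Review bot: The new guard in `assertValidHeader` rejects only a literal space (`name.indexOf(' ') >= 0`), so a header name containing a tab, CR/LF or any other character outside the HTTP token grammar still passes this check. The `key.indexOf(' ') >= 0` check added to `mapToHeaders` in lib/internal/http2/util.js has the same limit. Whether a later layer rejects such names is not visible in these hunks, so either validate against the full token grammar after the pseudo-header branch, or document the gap with a comment such as `// Only spaces are rejected here; other invalid token characters are rejected by <layer — placeholder>`. `assertValidHeader` continues past the end of the hunk.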
6 changes: 5 additions & 1 deletion lib/internal/http2/util.js
@@ -18,7 +18,8 @@ const {
ERR_HTTP2_INVALID_CONNECTION_HEADERS,
ERR_HTTP2_INVALID_PSEUDOHEADER,
ERR_HTTP2_INVALID_SETTING_VALUE,
ERR_INVALID_ARG_TYPE
ERR_INVALID_ARG_TYPE,
ERR_INVALID_HTTP_TOKEN
},
addCodeToName,
hideStackFrames
@@ -490,6 +491,9 @@ function mapToHeaders(map,
count++;
continue;
}
if (key.indexOf(' ') >= 0) {
throw new ERR_INVALID_HTTP_TOKEN('Header name', key);
}
if (isIllegalConnectionSpecificHeader(key, value)) {
throw new ERR_HTTP2_INVALID_CONNECTION_HEADERS(key);
}
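--- a/test/parallel/test-http2-invalidheaderfield.js
+++ b/test/parallel/test-http2-invalidheaderfield.js
@@ -0,0 +1,65 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) { common.skip('missing crypto'); }
+
+// Check for:
+// Spaced headers
+// Psuedo headers
+// Capitalized headers
+
+const http2 = require('http2');
+const { throws, strictEqual } = require('assert');
+
+const server = http2.createServer(common.mustCall((req, res) => {
+throws(() => {
+res.setHeader(':path', '/');
+}, {
+code: 'ERR_HTTP2_PSEUDOHEADER_NOT_ALLOWED'
+});
+throws(() => {
+res.setHeader('t est', 123);
+}, {
+code: 'ERR_INVALID_HTTP_TOKEN'
+});
+res.setHeader('TEST', 123);
+res.setHeader('test_', 123);
+res.setHeader(' test', 123);
+res.end();
+}));
+
+server.listen(0, common.mustCall(() => {
+const session1 = http2.connect(`http://localhost:${server.address().port}`);
+session1.request({ 'test_': 123, 'TEST': 123 })
+.on('end', common.mustCall(() => {
+session1.close();
+server.close();
+}));
+
+const session2 = http2.connect(`http://localhost:${server.address().port}`);
+session2.on('error', common.mustCall((e) => {
+strictEqual(e.code, 'ERR_INVALID_HTTP_TOKEN');
+}));
+throws(() => {
+session2.request({ 't est': 123 });
+}, {
+code: 'ERR_INVALID_HTTP_TOKEN'
+});
+
+const session3 = http2.connect(`http://localhost:${server.address().port}`);
+session3.on('error', common.mustCall((e) => {
+strictEqual(e.code, 'ERR_INVALID_HTTP_TOKEN');
+}));
+throws(() => {
+session3.request({ ' test': 123 });
+}, {
+code: 'ERR_INVALID_HTTP_TOKEN'
+});
+
+const session4 = http2.connect(`http://localhost:${server.address().port}`);
+throws(() => {
+session4.request({ ':test': 123 });
+}, {
+code: 'ERR_HTTP2_INVALID_PSEUDOHEADER'
+});
+session4.close();
+}));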
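Review bot: The server handler calls `res.setHeader(' test', 123)` without expecting an error, while `session3.request({ ' test': 123 })` further down must throw `ERR_INVALID_HTTP_TOKEN`, and nothing in the file explains why a leading space is accepted on one side and rejected on the other. Presumably the compat `setHeader` normalises the name before validating it, but that is not visible on this page, so a comment at the call would help, e.g. `// setHeader() accepts a leading space (name assumed to be normalised before validation); request() does not`. The accepted names (`'TEST'`, `'test_'`, `' test'`) are also never asserted on the receiving side, so the test would still pass if they were dropped or sent unnormalised. The header comment also misspells "Pseudo".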
20 changes: 13 additions & 7 deletions test/parallel/test-http2-invalidheaderfields-client.js
@@ -9,7 +9,11 @@ const server1 = http2.createServer();
server1.listen(0, common.mustCall(() => {
const session = http2.connect(`http://localhost:${server1.address().port}`);
// Check for req headers
session.request({ 'no underscore': 123 });
assert.throws(() => {
session.request({ 'no underscore': 123 });
}, {
code: 'ERR_INVALID_HTTP_TOKEN'
});
session.on('error', common.mustCall((e) => {
assert.strictEqual(e.code, 'ERR_INVALID_HTTP_TOKEN');
server1.close();
@@ -18,15 +22,18 @@ server1.listen(0, common.mustCall(() => {

const server2 = http2.createServer(common.mustCall((req, res) => {
// check for setHeader
res.setHeader('x y z', 123);
assert.throws(() => {
res.setHeader('x y z', 123);
}, {
code: 'ERR_INVALID_HTTP_TOKEN'
});
res.end();
}));

server2.listen(0, common.mustCall(() => {
const session = http2.connect(`http://localhost:${server2.address().port}`);
const req = session.request();
req.on('error', common.mustCall((e) => {
assert.strictEqual(e.code, 'ERR_HTTP2_STREAM_ERROR');
req.on('end', common.mustCall(() => {
session.close();
server2.close();
}));
@@ -39,16 +46,15 @@ const server3 = http2.createServer(common.mustCall((req, res) => {
'an invalid header': 123
});
}), {
code: 'ERR_HTTP2_INVALID_STREAM'
code: 'ERR_INVALID_HTTP_TOKEN'
});
res.end();
}));

server3.listen(0, common.mustCall(() => {
const session = http2.connect(`http://localhost:${server3.address().port}`);
const req = session.request();
req.on('error', common.mustCall((e) => {
assert.strictEqual(e.code, 'ERR_HTTP2_STREAM_ERROR');
req.on('end', common.mustCall(() => {
server3.close();
session.close();
}));
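Review bot: In the server2 case the client now only waits for `'end'` and closes, so the test no longer checks what the peer actually received after `res.setHeader('x y z', 123)` was rejected. Asserting on the response headers would pin that the rejected name never reaches the wire, e.g. `req.on('response', common.mustCall((headers) => assert.strictEqual(headers['x y z'], undefined)));`. The same applies to the server3 case with `'an invalid header'`. Both blocks start or end outside the visible hunks, so this is based only on the lines shown.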