-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
lib: throws when invalid hex string in http request #45173
Conversation
Review requested:
|
cc @Flarna What do you thing about this? |
What about just throwing a JS error from C instead of aborting? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Signed-off-by: Juan José Arboleda <soyjuanarbol@gmail.com>
d3872f2
to
0161031
Compare
I think that makes sense; any other reviewer w/ the same idea? I could throw from C instead. |
I feel like this |
I tried to reproduce the same using net instead http but failed. const net = require("net");
const s = net.createConnection(8000);
s.on("connect", () => {
s.write("1", "hex");
}); net just discards the incomplete hex char. Should we aim to be consistent? Update: const net = require("net");
const s = net.createConnection(8000);
s.on("connect", () => {
s.cork()
s.write("a")
s.write("1", "hex");
s.uncork()
}); Seems As this is not specific to HTTP I would vote for a more generic solution like throwing a JS exception in C++ or ignore invalid chars (likely also in C++). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Agreed, this solution should be generic and not limited to HTTP.
I think it might be better implemented in streams themselves.
Nice! Thanks for all the input; I will transform this into a "throw from C layer" approach instead. Thanks again. |
Thinking once more about this. An exception at this place may be hard to catch. To my understanding the data written might be buffered and passed down to native in a later tick without any usercode to place a try/catch around. This and the fact that a single, non buffered write results in ignoring invalid data seems like it's maybe better to ignore it also in the writev case. |
Signed-off-by: Juan José Arboleda soyjuanarbol@gmail.com
May fix: #45150
I don't know why a string that does not follow this condition is considered an invalid hex string, but It is better to throw an exception instead of crashing the whole thing (IMO).
The condition:
CHECK(str->Length() % 2 == 0 && "invalid hex string length");