From 0da7a11e543f17617caf5ac0baf0773cbee35625 Mon Sep 17 00:00:00 2001 From: Rich Trott Date: Sun, 28 Mar 2021 11:29:01 -0700 Subject: [PATCH] test,http: check that http server is robust from handler abuse The only way I could find to complete coverage for _http_common.js is to use semi-private (exposed but probably shouldn't be) handlers to get the state into something weird. With the if-condition being checked (see Refs) commented out, I get this result from this test: ``` node:_http_common:140 if (len > 0 && !stream._dumped) { ^ TypeError: Cannot read property '_dumped' of null at HTTPParser.parserOnBody (node:_http_common:140:26) ``` With the check in place, the test passes without an error. Seems like quite the edge case, but I'm going to assume it's there for a reason. Refs: https://coverage.nodejs.org/coverage-b560645d6b0a4bed/lib/_http_common.js.html#L137 PR-URL: https://github.com/nodejs/node/pull/37958 Reviewed-By: Colin Ihrig Reviewed-By: James M Snell --- ...st-http-req-close-robust-from-tampering.js | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) create mode 100644 test/parallel/test-http-req-close-robust-from-tampering.js diff --git a/test/parallel/test-http-req-close-robust-from-tampering.js b/test/parallel/test-http-req-close-robust-from-tampering.js new file mode 100644 index 00000000000000..46ae0c0e297158 --- /dev/null +++ b/test/parallel/test-http-req-close-robust-from-tampering.js @@ -0,0 +1,26 @@ +'use strict'; +const common = require('../common'); +const { createServer } = require('http'); +const { connect } = require('net'); + +// Make sure that calling the semi-private close() handlers manually doesn't +// cause an error. + +const server = createServer(common.mustCall((req, res) => { + req.client._events.close.forEach((fn) => { fn.bind(req)(); }); +})); + +server.unref(); + +server.listen(0, common.mustCall(() => { + const client = connect(server.address().port); + + const req = [ + 'POST / HTTP/1.1', + 'Content-Length: 11', + '', + 'hello world', + ].join('\r\n'); + + client.end(req); +}));