Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Crash if server receives an invalid method name #337

Closed
crystalfp opened this issue Jun 6, 2018 · 8 comments
Closed

Crash if server receives an invalid method name #337

crystalfp opened this issue Jun 6, 2018 · 8 comments

Comments

@crystalfp
Copy link

I use spdy module to provide http2 for my express API server.

"use strict";

/* > Load required modules */
const express = require("express");
const spdy = require("spdy");
const fs = require("fs");

/* > Initialize application */
const app = express();

/* > Endpoint "kb" */
app.get("/api/kb", function(req, res) {res.send("All OK\n");});

if(false) {
	// This does not crash (curl returns "empty reply from server")
	app.listen(9999, () => console.log(`\nServer started\n`));
}
else {
	// This crashes
	const certDir = __dirname + "/js/cert";
	const options = {
		key: fs.readFileSync(certDir + "/server.key"),
		cert: fs.readFileSync(certDir + "/server.crt")
	};

	spdy
		.createServer(options, app)
		.listen(9999, (error) => {
			if(error) {
				console.error(error);
				throw error;
			}
			else {
				console.log(`\nServer started (HTTP/2)\n`);
			}
		});
}

I access the API with the following curl command:

C:/apps/curl/bin/curl.exe -k -X INVALID https://localhost:9999/api/kb

Note that I access the API with an invalid method name. In this case the server crashes with the following stack trace:

TypeError: Cannot read property 'toLowerCase' of null
    at Route._handles_method (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\route.js:63:21)
    at next (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\index.js:244:30)
    at expressInit (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\middleware\init.js:40:5)
    at Layer.handle [as handle_request] (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\layer.js:95:5)
    at trim_prefix (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\index.js:317:13)
    at D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\index.js:284:7
    at Function.process_params (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\index.js:335:12)
    at next (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\index.js:275:10)
    at query (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\middleware\query.js:45:5)
    at Layer.handle [as handle_request] (D:\Projects\IdeaMixerNodeJS\node_modules\express\lib\router\layer.js:95:5)

If you change if(false) to if(true) the server does not crash and curl returns "empty reply from server". So really don't know if it is a spdy problem or something that comes form the spdy interaction with express. Please advise. Thanks!
@crystalfp
Copy link
Author

Well, if I change spdy to https the server does not crash anymore (that is, I changed the require and the spdy invocation).

@yindia
Copy link

yindia commented Jan 6, 2019

@crystalfp Hey, I am trying to reproduce the error but i am getting
curl: (52) Empty reply from server without server crashing when i am using curl -k -X INVALID https://localhost:9999/api/kb and the get request working fine so can you provide me your env details

@crystalfp
Copy link
Author

I can reproduce it. These are the module versions from my package.json:

  "dependencies": {
    "body-parser": "^1.18.3",
    "commander": "^2.19.0",
    "compression": "^1.7.3",
    "express": "^4.16.4",
    "iconv-lite": "^0.4.24",
    "serve-favicon": "^2.5.0",
    "spdy": "^4.0.0",
    "xml-js": "^1.6.8",
    "yamljs": "^0.3.0"
  },

node -v
v10.13.0

C:/apps/curl/bin/curl.exe --version
curl 7.60.0 (x86_64-pc-win32) libcurl/7.60.0 OpenSSL/1.1.0h (WinSSL) zlib/1.2.11 brotli/1.0.4 WinIDN libssh2/1.8.0 nghttp2/1.32.0
Release-Date: 2018-05-16
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile SSPI Kerberos SPNEGO NTLM SSL libz brotli TLS-SRP HTTP2 HTTPS-proxy MultiSSL

Machine is Windows 10 64 bits

Thanks for your help!
mario

@crystalfp
Copy link
Author

I can reproduce also on node version 10.15.0

@yindia
Copy link

yindia commented Jan 6, 2019

Check #333 spdy crash with node 10.* . You can follow that thread for future update

@yindia
Copy link

yindia commented Jan 6, 2019

So it's a duplicate issue. We can close it. @crystalfp do you want to add something

@crystalfp
Copy link
Author

Seems nodejs + http2 is at a turning point. Seems better for me to wait for express 5.0 and get rid of spdy altogether. In the mean time, thanks for your clarifications.
mario

@yindia
Copy link

yindia commented Jan 7, 2019

👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@crystalfp @yindia