
Commit 65ab2f5

committed
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:CVE-2019-15605.patch Original commit message: commit e2c8f89 Author: Sam Roberts <[email protected]> Date: Thu Jan 16 11:55:52 2020 -0800 test: using TE to smuggle reqs is not possible See: https://hackerone.com/reports/735748 PR-URL: https://github.com/nodejs-private/node-private/pull/192 Reviewed-By: Beth Griggs <[email protected]> commit 49f4220 Author: Sam Roberts <[email protected]> Date: Tue Feb 4 10:36:57 2020 -0800 deps: upgrade http-parser to v2.9.3 PR-URL: https://github.com/nodejs-private/http-parser-private/pull/4 Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Sam Roberts <[email protected]> commit d616722 Author: Sam Roberts <[email protected]> Date: Tue Jan 7 14:24:54 2020 -0800 test: check that --insecure-http-parser works Test that using --insecure-http-parser will disable validation of invalid characters in HTTP headers. See: - nodejs#30567 Backport-PR-URL: nodejs#30471 PR-URL: nodejs#31253 Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]> commit a9849c0 Author: Sam Roberts <[email protected]> Date: Wed Nov 20 11:48:58 2019 -0800 http: opt-in insecure HTTP header parsing Allow insecure HTTP header parsing. Make clear it is insecure. 
See: - nodejs#30553 - nodejs#27711 (comment) - nodejs#30515 Backport-PR-URL: nodejs#30471 PR-URL: nodejs#30567 Reviewed-By: Fedor Indutny <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Denys Otrishko <[email protected]> Reviewed-By: James M Snell <[email protected]> commit a28e5cc Author: Sam Roberts <[email protected]> Date: Wed Nov 13 10:05:38 2019 -0800 deps: upgrade http-parser to v2.9.1 PR-URL: nodejs#30471 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Signed-off-by: Su Baocheng <[email protected]>
1 parent 4cc3ccb commit 65ab2f5

17 files changed

+607
-225
lines changed

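--- a/deps/http_parser/Makefile
+++ b/deps/http_parser/Makefile
@@ -23,8 +23,8 @@ HELPER ?=
 BINEXT ?=
 SOLIBNAME = libhttp_parser
 SOMAJOR = 2
-SOMINOR = 8
-SOREV = 0
+SOMINOR = 9
+SOREV = 3
 ifeq (darwin,$(PLATFORM))
 SOEXT ?= dylib
 SONAME ?= $(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT)
@@ -133,14 +133,14 @@ tags: http_parser.c http_parser.h test.c
 install: library
 $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
 $(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
-ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
-ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
+ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
 
 install-strip: library
 $(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
 $(INSTALL) -D -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
-ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
-ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
+ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
+ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
 
 uninstall:
 rm $(DESTDIR)$(INCLUDEDIR)/http_parser.h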

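--- a/deps/http_parser/README.md
+++ b/deps/http_parser/README.md
@@ -148,7 +148,7 @@ callback in a threadsafe manner. This allows `http_parser` to be used in
 multi-threaded contexts.
 
 Example:
-```
+```c
 typedef struct {
 socket_t sock;
 void* buffer;
@@ -184,7 +184,7 @@ void http_parser_thread(socket_t sock) {
 parser supplied to callback functions */
 parser->data = my_data;
 
-http_parser_settings settings; / * set up callbacks */
+http_parser_settings settings; /* set up callbacks */
 settings.on_url = my_url_callback;
 
 /* execute parser */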

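--- a/deps/http_parser/bench.c
+++ b/deps/http_parser/bench.c
@@ -20,10 +20,14 @@
 */
 #include "http_parser.h"
 #include <assert.h>
+#include <stdint.h>
 #include <stdio.h>
 #include <string.h>
 #include <sys/time.h>
 
+/* 8 gb */
+static const int64_t kBytes = 8LL << 30;
+
 static const char data[] =
 "POST /joyent/http-parser HTTP/1.1\r\n"
 "Host: github.com\r\n"
@@ -38,7 +42,7 @@ static const char data[] =
 "Referer: https://github.com/joyent/http-parser\r\n"
 "Connection: keep-alive\r\n"
 "Transfer-Encoding: chunked\r\n"
-"Cache-Control: max-age=0\r\n\r\nb\r\nhello world\r\n0\r\n\r\n";
+"Cache-Control: max-age=0\r\n\r\nb\r\nhello world\r\n0\r\n";
 static const size_t data_len = sizeof(data) - 1;
 
 static int on_info(http_parser* p) {
@@ -67,13 +71,13 @@ int bench(int iter_count, int silent) {
 int err;
 struct timeval start;
 struct timeval end;
-float rps;
 
 if (!silent) {
 err = gettimeofday(&start, NULL);
 assert(err == 0);
 }
 
+fprintf(stderr, "req_len=%d\n", (int) data_len);
 for (i = 0; i < iter_count; i++) {
 size_t parsed;
 http_parser_init(&parser, HTTP_REQUEST);
@@ -83,29 +87,42 @@ int bench(int iter_count, int silent) {
 }
 
 if (!silent) {
+double elapsed;
+double bw;
+double total;
+
 err = gettimeofday(&end, NULL);
 assert(err == 0);
 
 fprintf(stdout, "Benchmark result:\n");
 
-rps = (float) (end.tv_sec - start.tv_sec) +
-(end.tv_usec - start.tv_usec) * 1e-6f;
-fprintf(stdout, "Took %f seconds to run\n", rps);
+elapsed = (double) (end.tv_sec - start.tv_sec) +
+(end.tv_usec - start.tv_usec) * 1e-6f;
+
+total = (double) iter_count * data_len;
+bw = (double) total / elapsed;
+
+fprintf(stdout, "%.2f mb | %.2f mb/s | %.2f req/sec | %.2f s\n",
+(double) total / (1024 * 1024),
+bw / (1024 * 1024),
+(double) iter_count / elapsed,
+elapsed);
 
-rps = (float) iter_count / rps;
-fprintf(stdout, "%f req/sec\n", rps);
 fflush(stdout);
 }
 
 return 0;
 }
 
 int main(int argc, char** argv) {
+int64_t iterations;
+
+iterations = kBytes / (int64_t) data_len;
 if (argc == 2 && strcmp(argv[1], "infinite") == 0) {
 for (;;)
-bench(5000000, 1);
+bench(iterations, 1);
 return 0;
 } else {
-return bench(5000000, 0);
+return bench(iterations, 0);
 }
 }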
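Review bot: In `main`, `iterations` is an `int64_t` but both call sites pass it to `bench(int iter_count, int silent)`, so it is narrowed to `int` implicitly. With the 8 GB `kBytes` budget the quotient presumably still fits for the request shown, but a shorter `data` or a larger budget would truncate silently; declaring the parameter as `int64_t iter_count` (and widening the loop counter `i`, whose declaration is outside the hunk) removes the narrowing. Separately, `elapsed` is now a `double` but the microsecond term is still scaled by the float literal `1e-6f`; `1e-6` keeps the whole expression in double precision. The new `fprintf(stderr, "req_len=%d\n", (int) data_len);` sits outside the `if (!silent)` guards, so it also prints on every pass of the `infinite` loop.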
