http: assert parser.consume argument's type

Unchecked argument conversion in Parser::Consume crashes node
in an slightly undesirable manner - 'unreachable code' in parser.

Make sure we validate the incoming type at the earliest point.

PR-URL: #12288
Fixes: #12178
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Alexey Orlenko <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Refael Ackermann <[email protected]>

Author: gireeshpunathil

src/node_http_parser.cc

@@ -472,6 +472,7 @@ class Parser : public AsyncWrap {
   static void Consume(const FunctionCallbackInfo<Value>& args) {
     Parser* parser;
     ASSIGN_OR_RETURN_UNWRAP(&parser, args.Holder());
+    CHECK(args[0]->IsExternal());
     Local<External> stream_obj = args[0].As<External>();
     StreamBase* stream = static_cast<StreamBase*>(stream_obj->Value());
     CHECK_NE(stream, nullptr);

test/abort/test-http-parser-consume.js

@@ -0,0 +1,28 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const http = require('http');
+const spawn = require('child_process').spawn;
+
+if (process.argv[2] === 'child') {
+  const server = http.createServer(common.mustCall((req, res) => {
+    res.end('hello');
+  }));
+
+  server.listen(0, common.mustCall((s) => {
+    const rr = http.get(
+      { port: server.address().port },
+      common.mustCall((d) => {
+        // This bad input (0) should abort the parser and the process
+        rr.parser.consume(0);
+        server.close();
+      }));
+  }));
+} else {
+  const child = spawn(process.execPath, [__filename, 'child'],
+                      { stdio: 'inherit' });
+  child.on('exit', common.mustCall((code, signal) => {
+    assert(common.nodeProcessAborted(code, signal),
+           'process should have aborted, but did not');
+  }));
+}