diff options
author | James M Snell <jasnell@gmail.com> | 2018-04-13 18:11:26 +0300 |
---|---|---|
committer | Evan Lucas <evanlucas@me.com> | 2018-06-12 21:46:52 +0300 |
commit | ae5567eaea7e53f333f6b442944d57bb9c5a6669 (patch) | |
tree | 3d1a5aae80242401578ee127a678931d91bf145b | |
parent | 4c90ee8fc65070be8172c61c3da188f17e2a449b (diff) |
test: add regression test for nghttp2 CVE-2018-1000168
PR-URL: https://github.com/nodejs-private/node-private/pull/117
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
-rw-r--r-- | test/common/http2.js | 10 | ||||
-rw-r--r-- | test/parallel/test-http2-malformed-altsvc.js | 39 |
2 files changed, 49 insertions, 0 deletions
diff --git a/test/common/http2.js b/test/common/http2.js index 0f3378e9b80..f84a6686175 100644 --- a/test/common/http2.js +++ b/test/common/http2.js @@ -127,8 +127,18 @@ class PingFrame extends Frame { } } +class AltSvcFrame extends Frame { + constructor(size) { + const buffers = [Buffer.alloc(size)]; + super(size, 10, 0, 0); + buffers.unshift(this[kFrameData]); + this[kFrameData] = Buffer.concat(buffers); + } +} + module.exports = { Frame, + AltSvcFrame, DataFrame, HeadersFrame, SettingsFrame, diff --git a/test/parallel/test-http2-malformed-altsvc.js b/test/parallel/test-http2-malformed-altsvc.js new file mode 100644 index 00000000000..28c0fb46b42 --- /dev/null +++ b/test/parallel/test-http2-malformed-altsvc.js @@ -0,0 +1,39 @@ +'use strict'; + +const common = require('../common'); + +if (!common.hasCrypto) + common.skip('missing crypto'); + +const http2 = require('http2'); +const net = require('net'); +const h2test = require('../common/http2'); + +const server = http2.createServer(); +server.on('stream', common.mustNotCall()); + +const settings = new h2test.SettingsFrame(); +const settingsAck = new h2test.SettingsFrame(true); +const altsvc = new h2test.AltSvcFrame((1 << 14) + 1); + +server.listen(0, () => { + const client = net.connect(server.address().port, () => { + client.write(h2test.kClientMagic, () => { + client.write(settings.data, () => { + client.write(settingsAck.data); + // Prior to nghttp2 1.31.1, sending this malformed altsvc frame + // would cause a segfault. This test is successful if a segfault + // does not occur. + client.write(altsvc.data, common.mustCall(() => { + client.destroy(); + })); + }); + }); + }); + + // An error may or may not be emitted on the client side, we don't care + // either way if it is, but we don't want to die if it is. + client.on('error', () => {}); + client.on('close', common.mustCall(() => server.close())); + client.resume(); +}); |