diff options
| author | Matteo Collina <hello@matteocollina.com> | 2020-05-14 21:21:34 +0300 |
|---|---|---|
| committer | Richard Lau <riclau@uk.ibm.com> | 2020-09-15 22:39:54 +0300 |
| commit | df08d527c2083b852d8456b88b39114f30525236 (patch) | |
| tree | 3957f9865debe958271ab09a941303dc90225f70 /src/node_http_parser.cc | |
| parent | cb90248c145763502ee8fae67960d45293c9e0bf (diff) | |
http: add requestTimeout
This commits introduces a new http.Server option called requestTimeout
with a default value in milliseconds of 0.
If requestTimeout is set to a positive value, the server will start a new
timer set to expire in requestTimeout milliseconds when a new connection
is established. The timer is also set again if new requests after the
first are received on the socket (this handles pipelining and keep-alive
cases).
The timer is cancelled when:
1. the request body is completely received by the server.
2. the response is completed. This handles the case where the
application responds to the client without consuming the request body.
3. the connection is upgraded, like in the WebSocket case.
If the timer expires, then the server responds with status code 408 and
closes the connection.
CVE-2020-8251
PR-URL: https://github.com/nodejs-private/node-private/pull/208
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Mary Marchini <oss@mmarchini.me>
Co-Authored-By: Paolo Insogna <paolo@cowtech.it>
Co-Authored-By: Robert Nagy <ronagy@icloud.com>
Diffstat (limited to 'src/node_http_parser.cc')
| -rw-r--r-- | src/node_http_parser.cc | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/src/node_http_parser.cc b/src/node_http_parser.cc index b409d007307..eada685f2d6 100644 --- a/src/node_http_parser.cc +++ b/src/node_http_parser.cc @@ -69,12 +69,13 @@ using v8::Uint32; using v8::Undefined; using v8::Value; -const uint32_t kOnHeaders = 0; -const uint32_t kOnHeadersComplete = 1; -const uint32_t kOnBody = 2; -const uint32_t kOnMessageComplete = 3; -const uint32_t kOnExecute = 4; -const uint32_t kOnTimeout = 5; +const uint32_t kOnMessageBegin = 0; +const uint32_t kOnHeaders = 1; +const uint32_t kOnHeadersComplete = 2; +const uint32_t kOnBody = 3; +const uint32_t kOnMessageComplete = 4; +const uint32_t kOnExecute = 5; +const uint32_t kOnTimeout = 6; // Any more fields than this will be flushed into JS const size_t kMaxHeaderFieldsCount = 32; @@ -204,6 +205,19 @@ class Parser : public AsyncWrap, public StreamListener { url_.Reset(); status_message_.Reset(); header_parsing_start_time_ = uv_hrtime(); + + Local<Value> cb = object()->Get(env()->context(), kOnMessageBegin) + .ToLocalChecked(); + if (cb->IsFunction()) { + InternalCallbackScope callback_scope( + this, InternalCallbackScope::kSkipTaskQueues); + + MaybeLocal<Value> r = cb.As<Function>()->Call( + env()->context(), object(), 0, nullptr); + + if (r.IsEmpty()) callback_scope.MarkAsFailed(); + } + return 0; } @@ -939,6 +953,8 @@ void InitializeHttpParser(Local<Object> target, Integer::New(env->isolate(), HTTP_REQUEST)); t->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "RESPONSE"), Integer::New(env->isolate(), HTTP_RESPONSE)); + t->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "kOnMessageBegin"), + Integer::NewFromUnsigned(env->isolate(), kOnMessageBegin)); t->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "kOnHeaders"), Integer::NewFromUnsigned(env->isolate(), kOnHeaders)); t->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "kOnHeadersComplete"), |