http2: handle 0-length headers better

Ignore headers with 0-length names and track memory for headers the way we track it for other HTTP/2 session memory too. This is intended to mitigate CVE-2019-9516. PR-URL: https://github.com/nodejs/node/pull/29122 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
author: Anna Henningsen <anna@addaleax.net> 2019-08-11 00:10:54 +0300
committer: Michaël Zasso <targos@protonmail.com> 2019-08-15 10:51:52 +0300
commit: b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9 (patch)
tree: ee010c753c6f748befb870fc6873313a54636f4c /src/node_revert.h
parent: a54af9e1888c01f9a9553eb0e91664a249cabe96 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/node_revert.h b/src/node_revert.h
index b0853ee75f1..dfce73b95db 100644
--- a/src/node_revert.h
+++ b/src/node_revert.h
@@ -17,6 +17,7 @@ namespace node {
 
 #define SECURITY_REVERSIONS(XX)                                            \
   XX(CVE_2019_9514, "CVE-2019-9514", "HTTP/2 Reset Flood")                 \
+  XX(CVE_2019_9516, "CVE-2019-9516", "HTTP/2 0-Length Headers Leak")       \
 //  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
   // TODO(addaleax): Remove all of the above before Node.js 13 as the comment
   // at the start of the file indicates.
author	Anna Henningsen <anna@addaleax.net>	2019-08-11 00:10:54 +0300
committer	Michaël Zasso <targos@protonmail.com>	2019-08-15 10:51:52 +0300
commit	b4cfa521b8b0fbe5ee5815fcac3614cc0960f7d9 (patch)
tree	ee010c753c6f748befb870fc6873313a54636f4c /src/node_revert.h
parent	a54af9e1888c01f9a9553eb0e91664a249cabe96 (diff)