http, querystring: added limits to prevent DoS
Showing
5 changed files
with
49 additions
and
6 deletions.
@@ -43,6 +43,10 @@ var parsers = new FreeList('parsers', 1000, function() { | |
parser._headers = []; | ||
parser._url = ''; | ||
|
||
// Limit incoming headers count as it may cause | ||
// hash collision DoS | ||
parser.maxHeadersCount = 1000; | ||
|
||
|
||
// Only called in the slow case where slow means | ||
// that the request headers were either fragmented | ||
// across multiple TCP packets or too large to be | ||
|
@@ -78,7 +82,14 @@ var parsers = new FreeList('parsers', 1000, function() { | |
parser.incoming.httpVersion = info.versionMajor + '.' + info.versionMinor; | ||
parser.incoming.url = url; | ||
|
||
for (var i = 0, n = headers.length; i < n; i += 2) { | ||
var n = headers.length; | ||
|
||
// If parser.maxHeadersCount <= 0 - assume that there're no limit | ||
if (parser.maxHeadersCount > 0) { | ||
n = Math.min(n, parser.maxHeadersCount << 1); | ||
} | ||
|
||
for (var i = 0; i < n; i += 2) { | ||
var k = headers[i]; | ||
var v = headers[i + 1]; | ||
parser.incoming._addHeaderLine(k.toLowerCase(), v); | ||
|
@@ -1158,6 +1169,11 @@ ClientRequest.prototype.onSocket = function(socket) { | |
parser.incoming = null; | ||
req.parser = parser; | ||
|
||
// Propagate headers limit from request object to parser | ||
if (req.maxHeadersCount) { | ||
parser.maxHeadersCount = req.maxHeadersCount; | ||
} | ||
|
||
socket._httpMessage = req; | ||
// Setup "drain" propogation. | ||
httpSocketSetup(socket); | ||
|
@@ -1444,6 +1460,11 @@ function connectionListener(socket) { | |
parser.socket = socket; | ||
parser.incoming = null; | ||
|
||
// Propagate headers limit from server instance to parser | ||
if (this.maxHeadersCount) { | ||
parser.maxHeadersCount = this.maxHeadersCount; | ||
} | ||
|
||
socket.addListener('error', function(e) { | ||
self.emit('clientError', e); | ||
}); | ||
|
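Review bot: The cap in the second hunk is computed with `parser.maxHeadersCount << 1`, and a bitwise shift coerces its operand to a 32-bit signed integer, so a limit of 2^30 or more wraps `n` to a negative value and the header loop then runs zero times; `n = Math.min(n, parser.maxHeadersCount * 2);` gives the same result for ordinary values without the wrap. The propagation guards in the third and fourth hunks (`if (req.maxHeadersCount)`, `if (this.maxHeadersCount)`) are truthiness checks, so a caller who sets 0 to disable the limit — the case the comment in the second hunk documents as unlimited — never reaches the parser and the factory default of 1000 stays in effect; `if (req.maxHeadersCount != null)` (and likewise for `this.maxHeadersCount`) would make the two agree. Because the default is assigned once in the FreeList factory and is only overwritten when the incoming value is truthy, a recycled parser presumably keeps whatever limit its previous owner set — worth confirming against the parser reuse path. Headers past the cap are dropped silently rather than the request being rejected or an event emitted, which callers relying on a trailing header may want to know about. The functions enclosing the second, third and fourth hunks start and end outside the hunks.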
@indutny, @isaacs: Isn't that way too high if you're worried about hash collisions? It's over 500K operations per request if I remember my math right:
n + ((n * (n - 1)) / 2)
where n=1000.