From d945d3cb9243777da59096584543ace4a94a7dc9 Mon Sep 17 00:00:00 2001 From: Paolo Insogna Date: Mon, 19 Sep 2022 14:37:21 +0200 Subject: [PATCH] http: disable chunked encoding when OBS fold is used Reviewed-By: Matteo Collina Reviewed-By: Rafael Gonzaga Reviewed-By: Vladimir de Turckheim PR-URL: #341 CVE-ID: CVE-2022-32213, CVE-2022-32215, CVE-2022-35256 --- deps/llhttp/CMakeLists.txt | 2 +- deps/llhttp/include/llhttp.h | 2 +- test/parallel/test-http-transfer-encoding-smuggling.js | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/deps/llhttp/CMakeLists.txt b/deps/llhttp/CMakeLists.txt index 7d63f77d2aea51..6474e110a1f432 100644 --- a/deps/llhttp/CMakeLists.txt +++ b/deps/llhttp/CMakeLists.txt @@ -1,7 +1,7 @@ cmake_minimum_required(VERSION 3.5.1) cmake_policy(SET CMP0069 NEW) -project(llhttp VERSION 6.0.9) +project(llhttp VERSION 6.0.10) include(GNUInstallDirs) set(CMAKE_C_STANDARD 99) diff --git a/deps/llhttp/include/llhttp.h b/deps/llhttp/include/llhttp.h index 4d5312e7aafb42..6e1e71ecbce0c2 100644 --- a/deps/llhttp/include/llhttp.h +++ b/deps/llhttp/include/llhttp.h @@ -3,7 +3,7 @@ #define LLHTTP_VERSION_MAJOR 6 #define LLHTTP_VERSION_MINOR 0 -#define LLHTTP_VERSION_PATCH 9 +#define LLHTTP_VERSION_PATCH 10 #ifndef LLHTTP_STRICT_MODE # define LLHTTP_STRICT_MODE 0 diff --git a/test/parallel/test-http-transfer-encoding-smuggling.js b/test/parallel/test-http-transfer-encoding-smuggling.js index a6677b46155787..472b717022d7e1 100644 --- a/test/parallel/test-http-transfer-encoding-smuggling.js +++ b/test/parallel/test-http-transfer-encoding-smuggling.js @@ -36,7 +36,7 @@ const net = require('net'); // Verify that the server listener is never called client.on('data', common.mustCall((chunk) => { - response += chunk.toString('utf-8'); + response += chunk; })); client.setEncoding('utf8');