-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http: fix parsing of binary upgrade response body #17806
Conversation
@@ -471,29 +470,22 @@ function parserOnIncomingClient(res, shouldKeepAlive) { | |||
// We already have a response object, this means the server | |||
// sent a double response. | |||
socket.destroy(); | |||
return; | |||
return 0; // No special treatment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Before anyone asks - yes, these could be constants, please suggest good names. :-)
(They don't have names in http_parser either though.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just made these up on the spot. Feel free to ignore. How about kSkipBodyAsUpgrade
, kSkipBodyNoUpgrade
... and I don't know for the 0 case.
// to the content-length of the entity-body had the request | ||
// been a GET. | ||
var isHeadResponse = req.method === 'HEAD'; | ||
debug('AGENT isHeadResponse', isHeadResponse); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Removed because not very useful and slightly misleading - this is not inside the agent.
@@ -616,7 +616,7 @@ function parserOnIncoming(server, socket, state, req, keepAlive) { | |||
} else { | |||
server.emit('request', req, res); | |||
} | |||
return false; // Not a HEAD response. (Not even a response!) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bogus comment, removed.
if (!upgrade) { | ||
// For upgraded connections and CONNECT method request, we'll emit this | ||
// after parser.execute so that we can capture the first part of the new | ||
// protocol. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Slightly wrong comment, removed.
// https://github.com/nodejs/node/issues/17789 - a connection upgrade response | ||
// that has a Transfer-Encoding header and a body whose first byte is > 127 | ||
// triggers a bug where said byte is skipped over. | ||
net.createServer(function(conn) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This callback and the one passed to listen
could also be wrapped in common.mustCall
.
@@ -471,29 +470,22 @@ function parserOnIncomingClient(res, shouldKeepAlive) { | |||
// We already have a response object, this means the server | |||
// sent a double response. | |||
socket.destroy(); | |||
return; | |||
return 0; // No special treatment. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just made these up on the spot. Feel free to ignore. How about kSkipBodyAsUpgrade
, kSkipBodyNoUpgrade
... and I don't know for the 0 case.
ping @bnoordhuis |
Is this ready to land? Or do you want to fix the nits before this PR gets landed? @bnoordhuis |
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: nodejs#17789
Rebased + new CI: https://ci.nodejs.org/job/node-test-commit/15534/ I've incorporated the comments about the test. I decided to leave the constants unnamed. |
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: nodejs#17789 PR-URL: nodejs#17806 Fixes: nodejs#17789 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
Landed in de4600e |
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: #17789 PR-URL: #17806 Fixes: #17789 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: #17789 PR-URL: #17806 Fixes: #17789 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
Should this be backported to LTS? It lands cleanly on 8.x but will need a manual backport to v6.x |
Yes, should be back-ported. I'll look into the v6.x back-port. |
@gibfahn Is there any reason this one was not included in 8.10.0? I can confirm the bug persists in node 8.11.1 :) |
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: #17789 PR-URL: #17806 Fixes: #17789 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
@jeroenvollenbrock not sure why it was missed... I've landed it on staging @bnoordhuis did you have a chance to look into the 6.x backport? |
Fix a bug where a connection upgrade response with a Transfer-Encoding header and a body whose first byte is > 127 causes said byte to be dropped on the floor when passing the remainder of the message to the 'upgrade' event listeners. Fixes: nodejs#17789 PR-URL: nodejs#17806 Fixes: nodejs#17789 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Tiancheng "Timothy" Gu <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Ruben Bridgewater <[email protected]>
@lpinca @MylesBorins it looks like Node 10.14.1 has a regression and this problem has snuck back into the release. This gist can consistently reproduce the error: https://gist.github.com/shellscape/2020916f92be5d61f4d411fb6d2bce61 Note that stepping back down to any 10.x version lower than 10.14.0 does not reproduce the error. |
@shellscape none of these commits https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V10.md#2018-11-29-version-10141-dubnium-lts-mylesborins seem related. Try to reproduce it only with core modules. This fix landed with regression tests so chances are the issue you are experiencing is different / not in node core. |
@lpinca indeed, which baffled me. we've spun up brand new containers to verify the issue was isolated to 10.14.x. same containers from scratch with 10.13.x are completely fine. |
I'll dig into the repro and see what's going on |
@MylesBorins much appreciated. if you end up needing that in a separate repository, say the word and it shall be done. |
@shellscape would you be so kind and open a new issue about this with as much information as possible? That way it's easier to track the progress :) |
@BridgeAR I'll do my best, please don't nuke it right away if there's something lacking, happy to clean it up to spec. It'll be my first Node org issue. |
Don't worry, we normally only close an issue if they it's resolved, not a core issue or in the wrong repository. As @lpinca pointed out, it's best to try to reduce the test case further by removing any third party modules. That way looking into it becomes much easier. |
Fix a bug where a connection upgrade response with a Transfer-Encoding
header and a body whose first byte is > 127 causes said byte to be
dropped on the floor when passing the remainder of the message to
the 'upgrade' event listeners.
Fixes: #17789
CI: https://ci.nodejs.org/job/node-test-commit/15003/