Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Ported from
OpenSUSE:nodejs8-8.17.0-lp152.147.1:CVE-2019-15605.patch

Original commit message:

commit e2c8f89
Author: Sam Roberts <[email protected]>
Date:   Thu Jan 16 11:55:52 2020 -0800

    test: using TE to smuggle reqs is not possible

    See: https://hackerone.com/reports/735748

    PR-URL: https://github.com/nodejs-private/node-private/pull/192
    Reviewed-By: Beth Griggs <[email protected]>

commit 49f4220
Author: Sam Roberts <[email protected]>
Date:   Tue Feb 4 10:36:57 2020 -0800

    deps: upgrade http-parser to v2.9.3

    PR-URL: https://github.com/nodejs-private/http-parser-private/pull/4
    Reviewed-By: Matteo Collina <[email protected]>
    Reviewed-By: James M Snell <[email protected]>
    Reviewed-By: Sam Roberts <[email protected]>

commit d616722
Author: Sam Roberts <[email protected]>
Date:   Tue Jan 7 14:24:54 2020 -0800

    test: check that --insecure-http-parser works

    Test that using --insecure-http-parser will disable validation of
    invalid characters in HTTP headers.

    See:
    - nodejs#30567

    Backport-PR-URL: nodejs#30471
    PR-URL: nodejs#31253
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Ruben Bridgewater <[email protected]>

commit a9849c0
Author: Sam Roberts <[email protected]>
Date:   Wed Nov 20 11:48:58 2019 -0800

    http: opt-in insecure HTTP header parsing

    Allow insecure HTTP header parsing. Make clear it is insecure.

    See:
    - nodejs#30553
    - nodejs#27711 (comment)
    - nodejs#30515

    Backport-PR-URL: nodejs#30471
    PR-URL: nodejs#30567
    Reviewed-By: Fedor Indutny <[email protected]>
    Reviewed-By: Anna Henningsen <[email protected]>
    Reviewed-By: Denys Otrishko <[email protected]>
    Reviewed-By: James M Snell <[email protected]>

commit a28e5cc
Author: Sam Roberts <[email protected]>
Date:   Wed Nov 13 10:05:38 2019 -0800

    deps: upgrade http-parser to v2.9.1

    PR-URL: nodejs#30471
    Reviewed-By: James M Snell <[email protected]>
    Reviewed-By: Jiawen Geng <[email protected]>
    Reviewed-By: Richard Lau <[email protected]>
    Reviewed-By: Beth Griggs <[email protected]>

Signed-off-by: Su Baocheng <[email protected]>
  • Loading branch information
BaochengSu committed Jul 14, 2022
1 parent 4cc3ccb commit 65ab2f5
Show file tree
Hide file tree
Showing 17 changed files with 607 additions and 225 deletions.
12 changes: 6 additions & 6 deletions deps/http_parser/Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ HELPER ?=
BINEXT ?=
SOLIBNAME = libhttp_parser
SOMAJOR = 2
SOMINOR = 8
SOREV = 0
SOMINOR = 9
SOREV = 3
ifeq (darwin,$(PLATFORM))
SOEXT ?= dylib
SONAME ?= $(SOLIBNAME).$(SOMAJOR).$(SOMINOR).$(SOEXT)
Expand Down Expand Up @@ -133,14 +133,14 @@ tags: http_parser.c http_parser.h test.c
install: library
$(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
$(INSTALL) -D $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)

install-strip: library
$(INSTALL) -D http_parser.h $(DESTDIR)$(INCLUDEDIR)/http_parser.h
$(INSTALL) -D -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(LIBNAME)
ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
ln -s $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)
ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SONAME)
ln -sf $(LIBNAME) $(DESTDIR)$(LIBDIR)/$(SOLIBNAME).$(SOEXT)

uninstall:
rm $(DESTDIR)$(INCLUDEDIR)/http_parser.h
Expand Down
4 changes: 2 additions & 2 deletions deps/http_parser/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -148,7 +148,7 @@ callback in a threadsafe manner. This allows `http_parser` to be used in
multi-threaded contexts.

Example:
```
```c
typedef struct {
socket_t sock;
void* buffer;
Expand Down Expand Up @@ -184,7 +184,7 @@ void http_parser_thread(socket_t sock) {
parser supplied to callback functions */
parser->data = my_data;

http_parser_settings settings; / * set up callbacks */
http_parser_settings settings; /* set up callbacks */
settings.on_url = my_url_callback;

/* execute parser */
Expand Down
35 changes: 26 additions & 9 deletions deps/http_parser/bench.c
Original file line number Diff line number Diff line change
Expand Up @@ -20,10 +20,14 @@
*/
#include "http_parser.h"
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>

/* 8 gb */
static const int64_t kBytes = 8LL << 30;

static const char data[] =
"POST /joyent/http-parser HTTP/1.1\r\n"
"Host: github.com\r\n"
Expand All @@ -38,7 +42,7 @@ static const char data[] =
"Referer: https://github.com/joyent/http-parser\r\n"
"Connection: keep-alive\r\n"
"Transfer-Encoding: chunked\r\n"
"Cache-Control: max-age=0\r\n\r\nb\r\nhello world\r\n0\r\n\r\n";
"Cache-Control: max-age=0\r\n\r\nb\r\nhello world\r\n0\r\n";
static const size_t data_len = sizeof(data) - 1;

static int on_info(http_parser* p) {
Expand Down Expand Up @@ -67,13 +71,13 @@ int bench(int iter_count, int silent) {
int err;
struct timeval start;
struct timeval end;
float rps;

if (!silent) {
err = gettimeofday(&start, NULL);
assert(err == 0);
}

fprintf(stderr, "req_len=%d\n", (int) data_len);
for (i = 0; i < iter_count; i++) {
size_t parsed;
http_parser_init(&parser, HTTP_REQUEST);
Expand All @@ -83,29 +87,42 @@ int bench(int iter_count, int silent) {
}

if (!silent) {
double elapsed;
double bw;
double total;

err = gettimeofday(&end, NULL);
assert(err == 0);

fprintf(stdout, "Benchmark result:\n");

rps = (float) (end.tv_sec - start.tv_sec) +
(end.tv_usec - start.tv_usec) * 1e-6f;
fprintf(stdout, "Took %f seconds to run\n", rps);
elapsed = (double) (end.tv_sec - start.tv_sec) +
(end.tv_usec - start.tv_usec) * 1e-6f;

total = (double) iter_count * data_len;
bw = (double) total / elapsed;

fprintf(stdout, "%.2f mb | %.2f mb/s | %.2f req/sec | %.2f s\n",
(double) total / (1024 * 1024),
bw / (1024 * 1024),
(double) iter_count / elapsed,
elapsed);

rps = (float) iter_count / rps;
fprintf(stdout, "%f req/sec\n", rps);
fflush(stdout);
}

return 0;
}

int main(int argc, char** argv) {
int64_t iterations;

iterations = kBytes / (int64_t) data_len;
if (argc == 2 && strcmp(argv[1], "infinite") == 0) {
for (;;)
bench(5000000, 1);
bench(iterations, 1);
return 0;
} else {
return bench(5000000, 0);
return bench(iterations, 0);
}
}
Loading

0 comments on commit 65ab2f5

Please sign in to comment.