v2.1.3 fix

[mcollina]

No description provided.

[jellelicht]

FWIW, generating C with the latest commit here and simply copying it over to the Node 14.18.1 tarball leads to a failing regression test;
not ok 1035 parallel/test-http-request-smuggling-content-length
Additionally, the generated C sources don’t look similar to what is included in the Node tarball. Quick question; I’m assuming that the llhttp sources included with yesterday’s security release are generated using llhttp; why not fix and tag llhttp first (or at the same time) as the Node release?

[jellelicht]

@mcollina I added a PR at #133 that Works For Me ™️

[mcollina]

I need to fix this - I will have time tomorrow morning (I'm missing a commit)

[jellelicht]

I know, and a commit that I assume is very similar to that missing commit can be found at #133 😄

[jellelicht]

Polite ping, it would be nice to have this known CVE addressed in a release.

[mcollina]

Could you check? This should be good to go

[jellelicht]

The latest changes seem to pass the test in node