http2: simplify mapToHeaders, stricter validation
No longer check whether key is a symbol as Object.keys does not
return symbols. No longer convert key to string as it is always
a string. Validate that only one value is passed for each
pseudo-header.

Extend illegal connection header message to include the name of
the problematic header.

Extend tests to cover this behaviour.

PR-URL: #16575
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
apapirovski authored and gibfahn committed Oct 31, 2017
1 parent e592c32 commit 98b9705
Showing 4 changed files with 38 additions and 22 deletions.
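--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@@ -184,7 +184,7 @@ E('ERR_HTTP2_INFO_HEADERS_AFTER_RESPOND',
 E('ERR_HTTP2_INFO_STATUS_NOT_ALLOWED',
 'Informational status codes cannot be used');
 E('ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-'HTTP/1 Connection specific headers are forbidden');
+'HTTP/1 Connection specific headers are forbidden: "%s"');
 E('ERR_HTTP2_INVALID_HEADER_VALUE', 'Value must not be undefined or null');
 E('ERR_HTTP2_INVALID_INFO_STATUS',
 (code) => `Invalid informational status code: ${code}`);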
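--- a/lib/internal/http2/util.js
+++ b/lib/internal/http2/util.js
@@ -399,10 +399,10 @@ function mapToHeaders(map,
 for (var i = 0; i < keys.length; i++) {
 let key = keys[i];
 let value = map[key];
-let val;
-if (typeof key === 'symbol' || value === undefined || !key)
+if (value === undefined || key === '')
 continue;
-key = String(key).toLowerCase();
+key = key.toLowerCase();
+const isSingleValueHeader = kSingleValueHeaders.has(key);
 let isArray = Array.isArray(value);
 if (isArray) {
 switch (value.length) {
@@ -413,34 +413,35 @@ function mapToHeaders(map,
 isArray = false;
 break;
 default:
-if (kSingleValueHeaders.has(key))
+if (isSingleValueHeader)
 return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
 }
+} else {
+value = String(value);
 }
+if (isSingleValueHeader) {
+if (singles.has(key))
+return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
+singles.add(key);
+}
 if (key[0] === ':') {
 const err = assertValuePseudoHeader(key);
 if (err !== undefined)
 return err;
-ret = `${key}\0${String(value)}\0${ret}`;
+ret = `${key}\0${value}\0${ret}`;
 count++;
 } else {
-if (kSingleValueHeaders.has(key)) {
-if (singles.has(key))
-return new errors.Error('ERR_HTTP2_HEADER_SINGLE_VALUE', key);
-singles.add(key);
-}
 if (isIllegalConnectionSpecificHeader(key, value)) {
-return new errors.Error('ERR_HTTP2_INVALID_CONNECTION_HEADERS');
+return new errors.Error('ERR_HTTP2_INVALID_CONNECTION_HEADERS', key);
 }
 if (isArray) {
 for (var k = 0; k < value.length; k++) {
-val = String(value[k]);
+const val = String(value[k]);
 ret += `${key}\0${val}\0`;
 }
 count += value.length;
 } else {
-val = String(value);
-ret += `${key}\0${val}\0`;
+ret += `${key}\0${value}\0`;
 count++;
 }
 }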
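Review bot: Nothing in the visible part of mapToHeaders rejects a NUL character in a header name or value, yet both are spliced into `ret` with `\0` as the only field separator (``ret += `${key}\0${value}\0`;``), so an embedded `\0` would shift every following name/value boundary for whatever consumes the string. If names and values are not already validated before this function is called, a guard after `key = key.toLowerCase();` and after the `String(...)` coercions that returns an error when either contains `\0` would close that gap; at minimum a comment such as `// key and value must not contain \0: it is the field separator in ret` would document the assumption. Separately, `value = String(value)` turns `null` into the text `null`, because the skip condition `value === undefined || key === ''` only covers `undefined`. mapToHeaders starts and ends outside these hunks, so earlier validation may exist that is not shown here.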
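--- a/test/parallel/test-http2-server-push-stream-errors-args.js
+++ b/test/parallel/test-http2-server-push-stream-errors-args.js
@@ -32,7 +32,7 @@ server.on('stream', common.mustCall((stream, headers) => {
 () => stream.pushStream({ 'connection': 'test' }, {}, () => {}),
 {
 code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-message: 'HTTP/1 Connection specific headers are forbidden'
+message: 'HTTP/1 Connection specific headers are forbidden: "connection"'
 }
 );
 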
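--- a/test/parallel/test-http2-util-headers-list.js
+++ b/test/parallel/test-http2-util-headers-list.js
@@ -158,14 +158,28 @@ const {
 // Arrays containing a single set-cookie value are handled correctly
 // (https://github.com/nodejs/node/issues/16452)
 const headers = {
-'set-cookie': 'foo=bar'
+'set-cookie': ['foo=bar']
 };
 assert.deepStrictEqual(
 mapToHeaders(headers),
 [ [ 'set-cookie', 'foo=bar', '' ].join('\0'), 1 ]
 );
 }
 
+{
+// pseudo-headers are only allowed a single value
+const headers = {
+':status': 200,
+':statuS': 204,
+};
+
+common.expectsError({
+code: 'ERR_HTTP2_HEADER_SINGLE_VALUE',
+type: Error,
+message: 'Header field ":status" must have only a single value'
+})(mapToHeaders(headers));
+}
+
 // The following are not allowed to have multiple values
 [
 HTTP2_HEADER_STATUS,
@@ -248,8 +262,6 @@ const {
 assert(!(mapToHeaders({ [name]: [1, 2, 3] }) instanceof Error), name);
 });
 
-const regex =
-/^HTTP\/1 Connection specific headers are forbidden$/;
 [
 HTTP2_HEADER_CONNECTION,
 HTTP2_HEADER_UPGRADE,
@@ -269,18 +281,21 @@ const regex =
 ].forEach((name) => {
 common.expectsError({
 code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-message: regex
+message: 'HTTP/1 Connection specific headers are forbidden: ' +
+`"${name.toLowerCase()}"`
 })(mapToHeaders({ [name]: 'abc' }));
 });
 
 common.expectsError({
 code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-message: regex
+message: 'HTTP/1 Connection specific headers are forbidden: ' +
+`"${HTTP2_HEADER_TE}"`
 })(mapToHeaders({ [HTTP2_HEADER_TE]: ['abc'] }));
 
 common.expectsError({
 code: 'ERR_HTTP2_INVALID_CONNECTION_HEADERS',
-message: regex
+message: 'HTTP/1 Connection specific headers are forbidden: ' +
+`"${HTTP2_HEADER_TE}"`
 })(mapToHeaders({ [HTTP2_HEADER_TE]: ['abc', 'trailers'] }));
 
 assert(!(mapToHeaders({ te: 'trailers' }) instanceof Error));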
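Review bot: The expected text `'HTTP/1 Connection specific headers are forbidden: '` is now written out in three assertions where the removed `regex` constant gave a single shared definition, so a later wording change in lib/internal/errors.js has to be repeated in each one. A small local helper, for example ``const forbidden = (name) => `HTTP/1 Connection specific headers are forbidden: "${name}"`;``, would keep the three checks in step. The new `:status` / `:statuS` block covers duplicate pseudo-headers that differ only in case. A matching case for a `null` header value would pin what `mapToHeaders` does with it, unless that is already covered outside these hunks.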
