Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix: Invalid HTTP/2 origin set when servername is empty #39919 #39934

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

Narasimha1997
Copy link
Contributor

@Narasimha1997 Narasimha1997 commented Aug 29, 2021

The bug posted by @szmarczak is because of not checking the truthy value of options.servername in line 3101 and 3102 of lib/internal/http2/core.js, instead the options.servername is strictly checked against undefined, any value other than undefined will give undesirable result in this case.

So in this PR,

if (servername !== undefined && options.servername === undefined)
    options.servername = servername;

is changed to,

if (servername !== undefined && !options.servername)
    options.servername = servername;

Here, the truthy value of options.servername is checked rather than strict check against undefined.

I have built node.js locally and checked against the code posted by @szmarczak to reproduce the bug.

@nodejs-github-bot nodejs-github-bot added http2 Issues or PRs related to the http2 subsystem. needs-ci PRs that need a full CI run. labels Aug 29, 2021
@Ayase-252
Copy link
Member

Could we add a test for the issue?

@Narasimha1997
Copy link
Contributor Author

@Ayase-252 yeah that would be great. I'll look into how tests are organised in this project so I can write few cases.

@Narasimha1997
Copy link
Contributor Author

@Ayase-252 I have added test cases.

@szmarczak
Copy link
Member

@Narasimha1997 Lint fails. The commit message check fails too.

@Mesteery
Copy link
Contributor

Copy link
Member

@Ayase-252 Ayase-252 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We could also run make -j4 test to do a full check on the codebase locally. Per https://github.com/nodejs/node/blob/master/BUILDING.md#running-tests

test/internet/test-http2-issue-39919.js Outdated Show resolved Hide resolved
test/internet/test-http2-issue-39919.js Outdated Show resolved Hide resolved
@Narasimha1997
Copy link
Contributor Author

Narasimha1997 commented Aug 30, 2021

@Mesteery @szmarczak @Ayase-252
Well, haha. Last time I made a contribution to Node an year ago, this commit message linting was not there. So what would you suggest? Can you please give an example of how issue fix commit message must be formulated?

@Ayase-252
Copy link
Member

@Narasimha1997

Maybe

http2: set origin name correctly when servername is empty

Fixes: https://github.com/nodejs/node/issues/39919

@Narasimha1997 Narasimha1997 force-pushed the fix-invalid-origin-set branch from 74b149d to c43b614 Compare August 30, 2021 11:12
@Narasimha1997
Copy link
Contributor Author

The build on windows has failed due to some issues while fetching NASM. Can we re-run the build? Now it seems to be working fine.

@@ -3098,7 +3098,7 @@ function initializeTLSOptions(options, servername) {
options.ALPNProtocols = ['h2'];
if (options.allowHTTP1 === true)
ArrayPrototypePush(options.ALPNProtocols, 'http/1.1');
if (servername !== undefined && options.servername === undefined)
if (servername !== undefined && !options.servername)
Copy link
Member

@lpinca lpinca Aug 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know it makes sense for http2 but for https the empty string is used to disable the SNI extension. I wonder if the same should be done here.

cc: @nodejs/http2

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks. Yeah that makes sense. This PR is based in what the issue poster has expected to be the intended behaviour. If you confirm SNI should be disabled, I would be happy to make these changes.

}

function withServerName() {
const session = http2.connect('https://1.1.1.1', { servername: 'cloudflare-dns.com' });
Copy link
Member

@lpinca lpinca Aug 31, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This requires an external connection. Is it possible to use localhost? See #39011.

Edit: This is not a blocker. The test is under test/internet so it should be ok as is.

Copy link
Member

@mcollina mcollina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would prefer this test to not use the Internet. Is there a specific reason it should?

ofirbarak pushed a commit to ofirbarak/node that referenced this pull request Apr 23, 2022
ofirbarak pushed a commit to ofirbarak/node that referenced this pull request May 22, 2022
nodejs-github-bot pushed a commit that referenced this pull request May 25, 2022
Fixes: #39919
Refs: #39934

PR-URL: #42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
bengl pushed a commit that referenced this pull request May 30, 2022
Fixes: #39919
Refs: #39934

PR-URL: #42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
danielleadams pushed a commit that referenced this pull request Jun 27, 2022
Fixes: #39919
Refs: #39934

PR-URL: #42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
targos pushed a commit that referenced this pull request Jul 12, 2022
Fixes: #39919
Refs: #39934

PR-URL: #42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
targos pushed a commit that referenced this pull request Jul 31, 2022
Fixes: #39919
Refs: #39934

PR-URL: #42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
guangwong pushed a commit to noslate-project/node that referenced this pull request Oct 10, 2022
Fixes: nodejs/node#39919
Refs: nodejs/node#39934

PR-URL: nodejs/node#42838
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
http2 Issues or PRs related to the http2 subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants