OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 12:20:27 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
v0.12
node/test/parallel
History
Evan Lucas 6d977902bd http: check reason chars in writeHead 
Previously, the reason argument passed to ServerResponse#writeHead was
not being properly validated.  One could pass CRLFs which could lead to
http response splitting. This commit changes the behavior to throw an
error in the event any invalid characters are included in the reason.

CVE-2016-5325

PR-URL: https://github.com/nodejs/node-private/pull/47
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Douglas Wilson <doug@somethingdoug.com>
2016-09-28 00:02:05 +10:00
..
test-http-client-read-in-error.js http: fix assert on data/end after socket error 2015-03-27 17:10:23 -07:00
test-http-pipeline-regr-3508.js http: fix pipeline regression 2015-12-03 23:03:08 +11:00
test-http-response-statuscode.js http: disallow sending obviously invalid status codes 2016-09-28 00:00:05 +10:00
test-http-status-reason-invalid-chars.js http: check reason chars in writeHead 2016-09-28 00:02:05 +10:00