OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 00:20:08 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
v10.x-staging
node/lib
History
Daniel Bevenius 3f2e9dc40c
http2: add unknownProtocol timeout 
This commit add a configuration options named unknownProtocolTimeout
which can be specified to set a value for the timeout in milliseconds
that a server should wait when an unknowProtocol is sent to it. When
this happens a timer will be started and the if the socket has not been
destroyed during that time the timer callback will destoy it.

CVE-ID: CVE-2021-22883
Refs: https://hackerone.com/reports/1043360
PR-URL: https://github.com/nodejs-private/node-private/pull/246
Backport PR-URL: https://github.com/nodejs-private/node-private/pull/248
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
2021-02-22 19:12:26 +00:00
..
internal http2: add unknownProtocol timeout 2021-02-22 19:12:26 +00:00
_http_agent.js async_hooks: add missing async_hooks destroys in AsyncReset 2018-11-29 11:39:01 -05:00
_http_client.js http: make --insecure-http-parser configurable per-stream or per-server 2020-02-04 14:05:39 -08:00
_http_common.js http: opt-in insecure HTTP header parsing 2020-02-04 14:05:39 -08:00
_http_incoming.js http: added aborted property to request 2018-05-04 11:51:12 -04:00
_http_outgoing.js http: remove obsolete function escapeHeaderValue 2019-01-12 11:05:42 -08:00
_http_server.js http: disable headersTimeout check when set to zero 2020-07-02 07:20:22 -04:00
_stream_duplex.js stream: only check options once in Duplex ctor 2018-05-04 11:54:32 -04:00
_stream_passthrough.js meta: restore original copyright header 2017-03-10 11:23:48 -08:00
_stream_readable.js stream: increase MAX_HWM 2020-01-07 13:57:28 +00:00
_stream_transform.js stream: make virtual methods errors consistent 2018-03-12 14:24:34 +01:00
_stream_wrap.js lib: move _stream_wrap into internals 2017-10-19 18:06:27 +02:00
_stream_writable.js stream: add auto-destroy mode 2019-04-08 17:10:23 +01:00
_tls_common.js tls: add min/max protocol version options 2019-03-28 20:15:10 +00:00
_tls_wrap.js tls: expose keylog event on TLSSocket 2020-03-12 09:44:17 +00:00
.eslintrc.yaml bootstrapper: move internalBinding to NativeModule 2018-11-29 11:38:30 -05:00
assert.js module: revert module._compile to original state if module is patched 2019-05-16 14:56:57 -04:00
async_hooks.js lib: extract validateString validator 2018-08-15 20:23:17 +10:00
buffer.js tools: lint for unused catch bindings 2018-12-03 13:33:04 -05:00
child_process.js child_process: truncate output when maxBuffer is exceeded 2019-05-16 14:56:49 -04:00
cluster.js lib: use consistent indentation for ternaries 2017-07-07 06:57:16 -07:00
console.js console: add trace-events for time and count 2020-03-09 11:08:49 +00:00
constants.js os: add os.{get,set}Priority() 2018-09-03 17:56:53 +02:00
crypto.js src: cache the result of GetOptions() in JS land 2018-12-25 02:17:24 -05:00
dgram.js lib,src: standardize owner_symbol for handles 2018-09-06 08:52:21 +02:00
dns.js dns: make dns.promises enumerable 2019-10-18 13:51:59 +01:00
domain.js domain: avoid circular memory references 2019-05-20 00:03:10 -04:00
events.js events: show inspected error in uncaught 'error' message 2019-05-16 14:56:47 -04:00
fs.js fs: remove experimental warning for fs.promises 2019-10-16 21:49:56 +01:00
http.js lib: support overriding http\s.globalAgent 2019-05-16 14:56:22 -04:00
http2.js http2: order declarations in http2.js 2019-01-28 21:54:52 -08:00
https.js lib: support overriding http\s.globalAgent 2019-05-16 14:56:22 -04:00
inspector.js inspector: enable Inspector JS API in workers 2018-09-25 08:53:37 +02:00
module.js lib: add back lib/module.js redirection 2018-03-15 20:50:35 +08:00
net.js net: treat ENOTCONN at shutdown as success 2019-10-16 15:49:04 +01:00
os.js bootstrapper: move internalBinding to NativeModule 2018-11-29 11:38:30 -05:00
path.js path: replace assertPath() with validator 2019-02-28 23:37:40 +11:00
perf_hooks.js tools: enable no-useless-constructor lint rule 2019-02-28 23:37:45 +11:00
process.js src: remove excessive license boilerplate 2015-01-27 16:35:05 +11:00
punycode.js lib: update punycode to 2.1.1 2018-07-17 14:08:55 +02:00
querystring.js querystring: remove eslint-disable 2019-05-16 14:56:01 -04:00
readline.js readline: make Symbol.asyncIterator support stable 2019-10-18 13:26:25 +01:00
repl.js repl: indicate if errors are thrown or not 2019-05-16 14:56:17 -04:00
stream.js tools: lint for unused catch bindings 2018-12-03 13:33:04 -05:00
string_decoder.js bootstrapper: move internalBinding to NativeModule 2018-11-29 11:38:30 -05:00
sys.js meta: restore original copyright header 2017-03-10 11:23:48 -08:00
timers.js timers: use custom inspection for linked lists 2018-10-03 07:59:08 +02:00
tls.js tls: allow empty subject even with altNames defined 2020-07-01 10:54:06 -04:00
trace_events.js trace_events: remove usage of require('util') 2019-05-16 14:55:59 -04:00
tty.js tty: add hasColors function 2019-04-17 00:15:13 +01:00
url.js url: use SafeSet to filter known special protocols 2019-02-28 23:37:37 +11:00
util.js util: fixes type in argument type validation error 2019-05-16 14:56:35 -04:00
v8.js tools: enable no-useless-constructor lint rule 2019-02-28 23:37:45 +11:00
vm.js tools: enable no-useless-catch lint rule 2019-05-16 14:56:12 -04:00
worker_threads.js worker: rename to worker_threads 2018-06-13 08:45:04 +02:00
zlib.js zlib: do not coalesce multiple .flush() calls 2019-10-17 21:37:20 +01:00