OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
618eebdd175b598a06bbc4d3d1efeb85e3fa1429
node/lib
History
Matteo Collina 618eebdd17 http,https: protect against slow headers attack 
CVE-2018-12122

An attacker can send a char/s within headers and exahust the resources
(file descriptors) of a system even with a tight max header length
protection. This PR destroys a socket if it has not received the headers
in 40s.

PR-URL: https://github.com/nodejs-private/node-private/pull/152
Ref: https://github.com/nodejs-private/node-private/pull/144
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
2018-11-27 14:29:28 +11:00
..
internal
lib: set process.execPath on OpenBSD
2018-04-13 00:01:20 -04:00
_debug_agent.js
lib: remove unused msg parameter in debug_agent
2017-04-18 20:02:10 -04:00
_debugger.js
lib: enable dot-notation eslint rule
2018-02-27 00:01:59 -05:00
_http_agent.js
http: allow _httpMessage to be GC'ed
2018-04-13 00:11:32 -04:00
_http_client.js
http: make socketPath work with no agent
2018-04-13 00:17:54 -04:00
_http_common.js
http: fix connection upgrade checks
2016-09-09 11:06:06 -04:00
_http_incoming.js
_http_outgoing.js
http,https: protect against slow headers attack
2018-11-27 14:29:28 +11:00
_http_server.js
http,https: protect against slow headers attack
2018-11-27 14:29:28 +11:00
_linklist.js
_stream_duplex.js
_stream_passthrough.js
_stream_readable.js
stream: cleanup() when unpiping all streams.
2018-04-16 15:49:25 -04:00
_stream_transform.js
src: fixes misplaced comment
2016-10-11 12:30:40 -04:00
_stream_wrap.js
test,lib,benchmark: match function names
2016-11-15 13:31:46 -05:00
_stream_writable.js
stream: fix disparity between buffer and the count
2018-01-02 14:06:34 -05:00
_tls_common.js
tls: fix empty issuer/subject/infoAccess parsing
2017-09-19 14:22:39 -04:00
_tls_legacy.js
tls: comment about old-style errors
2018-02-12 19:28:23 -05:00
_tls_wrap.js
tls: accept lookup option for tls.connect()
2018-01-11 13:04:34 -05:00
.eslintrc.yaml
lib: enable dot-notation eslint rule
2018-02-27 00:01:59 -05:00
assert.js
assert: improve assert.fail() API
2017-10-25 04:09:42 -04:00
buffer.js
lib: remove excess indentation
2017-09-05 12:49:49 -04:00
child_process.js
child_process: set shell to false in fork()
2017-11-28 13:09:53 +09:00
cluster.js
cluster, dns, repl, tls, util: fix RegExp nits
2017-07-21 14:35:04 -04:00
console.js
console: add console.count() and console.clear()
2018-02-12 19:28:05 -05:00
constants.js
constants: errors -> errno
2016-12-20 14:42:45 -05:00
crypto.js
crypto: expose ECDH class
2018-02-12 19:28:06 -05:00
dgram.js
dgram: added setMulticastInterface()
2018-02-12 19:28:05 -05:00
dns.js
cluster, dns, repl, tls, util: fix RegExp nits
2017-07-21 14:35:04 -04:00
domain.js
test,lib,benchmark: match function names
2016-11-15 13:31:46 -05:00
events.js
lib: update indentation of ternaries
2017-09-05 12:49:50 -04:00
fs.js
fs: fix createReadStream(…, {end: n}) for non-seekable fds
2018-03-29 23:25:34 -04:00
http.js
https.js
http,https: protect against slow headers attack
2018-11-27 14:29:28 +11:00
module.js
lib: enable dot-notation eslint rule
2018-02-27 00:01:59 -05:00
net.js
net: remove redundant code from _writeGeneric()
2018-03-29 23:25:36 -04:00
os.js
os: improve loadavg() performance
2017-03-08 17:11:23 -08:00
path.js
path: fix path.normalize for relative paths
2018-02-27 00:25:10 -05:00
process.js
punycode.js
lib: remove let from for loops
2016-10-11 12:31:51 -04:00
querystring.js
url: adding WHATWG URL support
2018-02-12 19:28:11 -05:00
readline.js
readline: update references to archived repository
2018-03-29 23:25:36 -04:00
repl.js
repl: improve require() autocompletion
2018-02-12 19:28:04 -05:00
stream.js
stream: move legacy to lib/internal dir
2017-03-08 17:10:53 -08:00
string_decoder.js
buffer,string_decoder: consolidate encoding validation logic
2016-09-13 16:13:09 -07:00
sys.js
timers.js
timers: fix eventloop block
2017-11-28 13:10:35 +09:00
tls.js
http, tls: better support for IPv6 addresses
2018-02-26 21:37:27 -05:00
tty.js
tty: refactor exports
2017-12-13 15:53:34 +00:00
url.js
url: adding WHATWG URL support
2018-02-12 19:28:11 -05:00
util.js
url: adding WHATWG URL support
2018-02-12 19:28:11 -05:00
v8.js
lib,src: support values > 4GB in heap statistics
2017-03-08 17:10:25 -08:00
vm.js
vm: refactor vm module
2017-03-08 17:10:34 -08:00
zlib.js
zlib: gracefully set windowBits from 8 to 9
2017-10-24 11:01:16 -04:00