Ben Noordhuis 38b48a62b8 deps: reject interior blanks in Content-Length ...

Original commit message follows:

    Before this commit `Content-Length: 4 2` was accepted as a valid
    header and recorded as `parser->content_length = 42`.  Now it is
    a parse error that fails with error `HPE_INVALID_CONTENT_LENGTH`.

    Downstream users that inspect `parser->content_length` and naively
    parse the string value using `strtoul()` might get confused by the
    discrepancy between the two values.  Resolve that by simply not
    letting it happen.

Fixes: https://github.com/nodejs-private/security/issues/178
PR-URL: https://github.com/nodejs-private/http-parser-private/pull/1
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>

2018-03-28 12:24:20 -04:00

..

acorn

deps: import acorn@5.2.1

2017-11-16 15:40:42 -08:00

cares

deps: cherry-pick 0ef4a0c64b6 from c-ares upstream

2017-10-02 01:16:22 -03:00

gtest

…

http_parser

deps: reject interior blanks in Content-Length

2018-03-28 12:24:20 -04:00

icu-small

deps: ICU 60.2 bump

2018-01-17 20:08:43 -08:00

nghttp2

deps,src: align ssize_t ABI between Node & nghttp2

2018-02-10 14:39:54 +01:00

node-inspect

src: Remove lttng support.

2018-03-01 16:44:43 +00:00

npm

deps: manually add 10.x support to npm

2018-01-19 11:32:45 -05:00

openssl

deps: add -no_rand_screen to openssl s_client

2018-03-27 20:17:19 -04:00

uv

deps: upgrade libuv to 1.19.2

2018-02-23 09:51:30 -05:00

v8

deps: patch V8 to 6.5.254.43

2018-03-27 10:12:25 -04:00

zlib

…