Skip to content

Commit

Permalink
deps,http: llhttp set max header size to 8KB
Browse files Browse the repository at this point in the history 
CVE-2018-12121

As per nodejs-private/node-private#149 for http_parse but for llhttp

Ref: nodejs-private/node-private#143
PR-URL: nodejs-private/node-private#149
Reviewed-By: Matteo Collina <hello@matteocollina.com>
  • Loading branch information
@rvagg
rvagg committed Nov 27, 2018
1 parent 74e01d0 commit a2b8aba
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/node_http_parser.cc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -852,7 +852,7 @@ class Parser : public AsyncWrap, public StreamListener {

static const parser_settings_t settings;
#ifdef NODE_EXPERIMENTAL_HTTP
static const uint64_t kMaxHeaderSize = 80 * 1024;
static const uint64_t kMaxHeaderSize = 8 * 1024;
#endif /* NODE_EXPERIMENTAL_HTTP */
};

Expand Down

0 comments on commit a2b8aba

Please sign in to comment.