-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
http: setEncoding error for incoming packets #18178
Conversation
I don’t think |
hmm... yeah, I think what we'd want is to just eliminate the ability to setEncoding on these sockets entirely. |
@jasnell: Yes, setting the encoding on incoming packets (for HTTP based transactions) should not be allowed. Setting the encoding on outgoing packets could be allowed (?) but I can't think of a practical use case. Nevertheless, any HTTP response should not allow other encodings. @addaleax: yup, the linked issue is a the result of setting the encoding on incoming packets transferred via HTTP. Incoming HTTP packets have to be |
Because |
Ah, that makes since. I see that now in the Because Or should it be removed from the Or perhaps just overriding the
Should throw a TypeError Ref: RFC20 suggests that all network transactions should be in |
The method should be overridden to throw. |
Forcing the socket data to ASCII is definitely not the right thing to do. With http, for instance, while the protocol bits themselves are generally ascii, the payload data typically is not. Forcing the socket to always ascii would result in data corruption. The best thing here is to simply require the socket to use buffers and let the bits that handle the parsing for specific bits to deal with the encoding. |
+1, I agree that’s the right thing to do here. @iSkore could you also make sure that this interacts well with |
@addaleax - do you think this fix would be in the So my first thought was to check if the headers are requesting an Any pointers on what file(s) I should focus on to fix this? |
@iSkore ... rather than setting
function socketSetEncoding() {
throw new errors.Error('ERR_METHOD_NOT_IMPLEMENTED',
'setEncoding');
}
socket.setEncoding = socketSetEncoding;
|
Upon further research, I'm seeing that any encoding changes should not be allowed.
I interpret this as a fairly generic statement (compared to other RFC literature) suggesting that it should not be allowed at all:
For the language as a whole, particularly the |
@iSkore would you be so kind and change the implementation accordingly to @jasnell s suggestion? And adding a test case that would normally result in a crash would be awesome. As far as I see it, it should not matter if there is a |
@iSkore this has nothing to do with |
added override to socket.setEncoding to not allow encoding changes for incoming HTTP requests added tests to ensure method throws JavaScript error because an HTTP buffer must be in US-ASCII, this function should not be allowed and should throw an Error currently, the process encounters a fatal v8 error and crashes error report detailed in [issue #18118](#18118) Fixes: #18118 Ref: #18178
added override to socket.setEncoding to not allow encoding changes for incoming HTTP requests added tests to ensure method throws JavaScript error because an HTTP buffer must be in US-ASCII, this function should not be allowed and should throw an Error currently, the process encounters a fatal v8 error and crashes error report detailed in [issue #18118](#18118) Fixes: #18118 Ref: #18178
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added setEncoding
override error and tests
@BridgeAR - should the Net module documentation be edited in someway to say "this method can only be used for response encodings? |
@iSkore I do not have a strong opinion. But maybe someone else might say something about that. |
Ping @nodejs/http @nodejs/http2 PTAL |
added override to socket.setEncoding to not allow encoding changes for incoming HTTP requests added tests to ensure method throws JavaScript error because an HTTP buffer must be in US-ASCII, this function should not be allowed and should throw an Error currently, the process encounters a fatal v8 error and crashes error report detailed in [issue nodejs#18118](nodejs#18118) Fixes: nodejs#18118 Ref: nodejs#18178
added test to ensure setEncoding inside socket connection would throw an error Fixes: nodejs#18118 Ref: nodejs#18178
added ERR_HTTP_INCOMING_SOCKET_ENCODING error and error docs throw ERR_HTTP_INCOMING_SOCKET_ENCODING error when incoming request socket encoding is manipulated error report detailed in nodejs#18118 Fixes: nodejs#18118 Ref: nodejs#18178
added note and link to RFC7230 >A recipient MUST parse an HTTP message as a sequence of octets in an encoding that is a superset of US-ASCII [USASCII]. Ref: https://tools.ietf.org/html/rfc7230#section-3 Ref: nodejs#18118 Ref: nodejs#18178 Ref: nodejs#19344
internal/errors declaration updated to match new scheme PR-URL: nodejs#19344 Ref: https://tools.ietf.org/html/rfc7230#section-3 Ref: nodejs#18118 Ref: nodejs#18178 Ref: nodejs#19344
applied updates from previous pull-requests to disallow socket.setEncoding before a http connection is parsed. wrapped socket.setEncoding to throw an error. previously resulted in a fatal error Fixes: nodejs#18118 Ref: nodejs#18178 Ref: nodejs#19344
Applied updates from previous pull-requests to disallow socket.setEncoding before a http connection is parsed. Wrapped `socket.setEncoding` to throw an error. This previously resulted in a fatal error. PR-URL: nodejs#33405 Fixes: nodejs#18118 Refs: nodejs#18178 Refs: nodejs#19344 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
added wrapping on
socket.setEncoding
to not allow encoding changeson incoming packets.
Because HTTP must be in US-ASCII, this function should either not
be allowed, or should throw a standard
stackTrace error
if invokedon an incoming packet.
Currently, the process encounters a fatal v8 error and crashes.
error report detailed in: issue #18118
Fixes: #18118
Ref: #19344
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
_http_server
(specifically:connectionListenerInternal
method ->socket
variable)