[arch-commits] Commit in http-parser/trunk (PKGBUILD http-max-header-size.patch)

Bruno Pagani archange at archlinux.org
Thu Dec 27 12:05:37 UTC 2018


    Date: Thursday, December 27, 2018 @ 12:05:36
  Author: archange
Revision: 418491

Backport required change for NodeJS

Added:
  http-parser/trunk/http-max-header-size.patch
Modified:
  http-parser/trunk/PKGBUILD

----------------------------+
 PKGBUILD                   |   16 ++++----
 http-max-header-size.patch |   86 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 95 insertions(+), 7 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2018-12-27 10:23:48 UTC (rev 418490)
+++ PKGBUILD	2018-12-27 12:05:36 UTC (rev 418491)
@@ -3,17 +3,21 @@
 
 pkgname=http-parser
 pkgver=2.8.1
-pkgrel=1
+pkgrel=2
 pkgdesc="Parser for HTTP Request/Response written in C"
 arch=('x86_64')
 url="https://github.com/nodejs/http-parser"
 license=('MIT')
 depends=('glibc')
-source=("$pkgname-$pkgver.tar.gz::https://github.com/nodejs/http-parser/archive/v$pkgver.tar.gz")
-sha512sums=('6f52f543d979f39688ccefae236527a8183929b3d30f5370570107b01cf89d0338b448249a81102b78d31615d2e8f6e7c708f8961f55ece08e7d3a40e5ad0883')
+source=($pkgname-$pkgver.tar.gz::"${url}/archive/v$pkgver.tar.gz"
+        http-max-header-size.patch) # "${url}/commit/0ae8d93f7335c0279f37b5ca5c26ea881ac17586.patch" + backporting
+sha512sums=('6f52f543d979f39688ccefae236527a8183929b3d30f5370570107b01cf89d0338b448249a81102b78d31615d2e8f6e7c708f8961f55ece08e7d3a40e5ad0883'
+            '24de54a77860e2d1642bd0e74562a411374967fe6a08913a885b526185089b0a8bb78f25462fec2accfbeb63d249afb2385de3c82f8d9d86bc9d430ede0e7824')
 
 prepare() {
-  sed -i 's|-Werror||' $pkgname-$pkgver/Makefile
+  cd $pkgname-$pkgver
+  sed -i 's|-Werror||' Makefile
+  patch -p1 -i ../http-max-header-size.patch
 }
 
 build() {
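Review bot: The trailing comment on the `http-max-header-size.patch` source entry says the file is upstream commit 0ae8d93f7335c0279f37b5ca5c26ea881ac17586 "+ backporting", but nothing records what was altered for 2.8.1. The new sha512 therefore pins only the local copy, and a later reviewer cannot tell which differences from the upstream commit are intentional. I would put the provenance on its own line above `source=`, for example `# http-max-header-size.patch: upstream commit 0ae8d93f…, changed for 2.8.1 as follows: <describe changes>; drop once a release contains it`. In `prepare()`, which is complete in this hunk, quoting the directory as `cd "$pkgname-$pkgver"` would match the quoting used in the `package()` hunk.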
@@ -29,7 +33,5 @@
 package() {
   cd $pkgname-$pkgver
   make PREFIX="$pkgdir/usr" install
-
-  install -Dm644 LICENSE-MIT \
-        "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE-MIT"
+  install -Dm644 LICENSE-MIT -t "$pkgdir"/usr/share/licenses/$pkgname/
 }

Added: http-max-header-size.patch
===================================================================
--- http-max-header-size.patch	                        (rev 0)
+++ http-max-header-size.patch	2018-12-27 12:05:36 UTC (rev 418491)
@@ -0,0 +1,86 @@
+From 0ae8d93f7335c0279f37b5ca5c26ea881ac17586 Mon Sep 17 00:00:00 2001
+From: cjihrig <cjihrig at gmail.com>
+Date: Mon, 3 Dec 2018 09:35:31 -0500
+Subject: [PATCH] support overriding HTTP_MAX_HEADER_SIZE at runtime
+
+This commit adds http_parser_set_max_header_size(), which can
+override the compile time HTTP_MAX_HEADER_SIZE value.
+
+Fixes: https://github.com/nodejs/node/issues/24692
+Refs: https://github.com/nodejs/node/pull/24811
+PR-URL: https://github.com/nodejs/http-parser/pull/453
+Reviewed-By: Ben Noordhuis <info at bnoordhuis.nl>
+---
+ http_parser.c | 17 ++++++++++++-----
+ http_parser.h |  3 +++
+ 2 files changed, 15 insertions(+), 5 deletions(-)
+
+diff --git a/http_parser.c b/http_parser.c
+index ba1374e..bb17bd2 100644
+--- a/http_parser.c
++++ b/http_parser.c
+@@ -25,6 +25,8 @@
+ #include <string.h>
+ #include <limits.h>
+ 
++static uint32_t max_header_size = HTTP_MAX_HEADER_SIZE;
++
+ #ifndef ULLONG_MAX
+ # define ULLONG_MAX ((uint64_t) -1) /* 2^64-1 */
+ #endif
+@@ -137,20 +139,20 @@ do {                                                                 \
+ } while (0)
+ 
+ /* Don't allow the total size of the HTTP headers (including the status
+- * line) to exceed HTTP_MAX_HEADER_SIZE.  This check is here to protect
++ * line) to exceed max_header_size.  This check is here to protect
+  * embedders against denial-of-service attacks where the attacker feeds
+  * us a never-ending header that the embedder keeps buffering.
+  *
+  * This check is arguably the responsibility of embedders but we're doing
+  * it on the embedder's behalf because most won't bother and this way we
+- * make the web a little safer.  HTTP_MAX_HEADER_SIZE is still far bigger
++ * make the web a little safer.  max_header_size is still far bigger
+  * than any reasonable request or response so this should never affect
+  * day-to-day operation.
+  */
+ #define COUNT_HEADER_SIZE(V)                                         \
+ do {                                                                 \
+   parser->nread += (V);                                              \
+-  if (UNLIKELY(parser->nread > (HTTP_MAX_HEADER_SIZE))) {            \
++  if (UNLIKELY(parser->nread > max_header_size)) {                   \
+     SET_ERRNO(HPE_HEADER_OVERFLOW);                                  \
+     goto error;                                                      \
+   }                                                                  \
+@@ -1471,7 +1473,7 @@ size_t http_parser_execute (http_parser *parser,
+               const char* p_lf;
+               size_t limit = data + len - p;
+ 
+-              limit = MIN(limit, HTTP_MAX_HEADER_SIZE);
++              limit = MIN(limit, max_header_size);
+ 
+               p_cr = (const char*) memchr(p, CR, limit);
+               p_lf = (const char*) memchr(p, LF, limit);
+@@ -2438,3 +2440,8 @@ http_parser_version(void) {
+          HTTP_PARSER_VERSION_MINOR * 0x00100 |
+          HTTP_PARSER_VERSION_PATCH * 0x00001;
+ }
++
++void
++http_parser_set_max_header_size(uint32_t size) {
++  max_header_size = size;
++}
+diff --git a/http_parser.h b/http_parser.h
+index e894d7c..52aead3 100644
+--- a/http_parser.h
++++ b/http_parser.h
+@@ -427,6 +427,9 @@ void http_parser_pause(http_parser *parser, int paused);
+ /* Checks if this is the final chunk of the body. */
+ int http_body_is_final(const http_parser *parser);
+ 
++/* Change the maximum header size provided at compile time. */
++void http_parser_set_max_header_size(uint32_t size);
++
+ #ifdef __cplusplus
+ }
+ #endif
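Review bot: `http_parser_set_max_header_size()` writes its argument straight into the file-scope `max_header_size` with no range check and no synchronisation, so the limit enforced by `COUNT_HEADER_SIZE` becomes a process-wide setting that any caller can change for every parser at once. A very large value effectively switches off the never-ending-header protection described in the comment above the macro, and if `parser->nread` is a 32-bit counter (its declaration is outside this patch) a limit of `UINT32_MAX` can never be exceeded; a value of 0 makes the check fire on the first counted byte. The header comment should say so, for example `/* Sets the header size limit for all parsers in the process. Not thread-safe: call once before parsing starts. Large values weaken the header-overflow DoS check. */`. The reworded comment in `http_parser.c` still claims the limit is "far bigger than any reasonable request", which now holds only for the compile-time default.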


