daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
node/deps
History
Matteo Collina 051154e0e6
http: unset `F_CHUNKED` on new `Transfer-Encoding` 
Duplicate `Transfer-Encoding` header should be a treated as a single,
but with original header values concatenated with a comma separator. In
the light of this, even if the past `Transfer-Encoding` ended with
`chunked`, we should be not let the `F_CHUNKED` to leak into the next
header, because mere presence of another header indicates that `chunked`
is not the last transfer-encoding token.

CVE-ID: CVE-2020-8287
Refs: https://github.com/nodejs-private/llhttp-private/pull/3
Refs: https://hackerone.com/bugs?report_id=1002188&subject=nodejs
PR-URL: https://github.com/nodejs-private/node-private/pull/228
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 		2021-01-04 16:56:30 +00:00
..
acorn
acorn-plugins
brotli
cares deps: update to c-ares 1.17.1 2020-12-16 05:48:29 -08:00
cjs-module-lexer
histogram
icu-small deps: update ICU to 68.1 2020-11-22 20:58:08 +00:00
llhttp http: unset `F_CHUNKED` on new `Transfer-Encoding` 2021-01-04 16:56:30 +00:00
nghttp2
nghttp3
ngtcp2
node-inspect
npm deps: upgrade npm to 7.3.0 2020-12-21 14:29:20 +01:00
openssl deps: update archs files for OpenSSL-1.1.1i 2020-12-16 21:49:42 -05:00
uv
uvwasi
v8 deps: V8: cherry-pick dfcdf7837e23 2020-12-24 18:06:58 +00:00
zlib