Skip to content

Commit

Permalink
Merge pull request from GHSA-5r9g-qh6m-jxff
Browse files Browse the repository at this point in the history
  • Loading branch information
ronag authored Feb 13, 2023
1 parent f5c89e5 commit a2eff05
Show file tree
Hide file tree
Showing 2 changed files with 40 additions and 0 deletions.
3 changes: 3 additions & 0 deletions lib/core/request.js
Original file line number Diff line number Diff line change
Expand Up @@ -304,6 +304,9 @@ function processHeader (request, key, val) {
key.length === 4 &&
key.toLowerCase() === 'host'
) {
if (headerCharRegex.exec(val) !== null) {
throw new InvalidArgumentError(`invalid ${key} header`)
}
// Consumed by Client
request.host = val
} else if (
Expand Down
37 changes: 37 additions & 0 deletions test/headers-crlf.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
'use strict'

const { test } = require('tap')
const { Client } = require('..')
const { createServer } = require('http')
const EE = require('events')

test('CRLF Injection in Nodejs ‘undici’ via host', (t) => {
t.plan(1)

const server = createServer(async (req, res) => {
res.end()
})
t.teardown(server.close.bind(server))

server.listen(0, async () => {
const client = new Client(`http://localhost:${server.address().port}`)
t.teardown(client.close.bind(client))

const unsanitizedContentTypeInput = '12 \r\n\r\naaa:aaa'

try {
const { body } = await client.request({
path: '/',
method: 'POST',
headers: {
'content-type': 'application/json',
'host': unsanitizedContentTypeInput
},
body: 'asd'
})
await body.dump()
} catch (err) {
t.same(err.code, 'UND_ERR_INVALID_ARG')
}
})
})

0 comments on commit a2eff05

Please sign in to comment.