Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Revert 36635 #37964

Closed
wants to merge 2 commits into from
Closed

Revert 36635 #37964

wants to merge 2 commits into from

Conversation

mcollina
Copy link
Member

@mcollina mcollina commented Mar 29, 2021

See #37937 for more details.

This revers a commit that caused an unlimited amount of event listener added to a socket when receiving HTTP pipelining, causing a memory leak.

It also adds a test a second commit to prevent this from happening again.


This never ended in a release, however it would have been a security vulnerability capable of a a DoS, see https://cwe.mitre.org/data/definitions/400.html.

@mcollina mcollina requested review from jasnell, lpinca and ronag March 29, 2021 11:17
@nodejs-github-bot nodejs-github-bot added http Issues or PRs related to the http subsystem. needs-ci PRs that need a full CI run. net Issues and PRs related to the net subsystem. labels Mar 29, 2021
@nodejs-github-bot
Copy link
Collaborator

test/parallel/test-http-pipelining-no-leak.js Outdated Show resolved Hide resolved
test/parallel/test-http-pipelining-no-leak.js Outdated Show resolved Hide resolved
@lpinca
Copy link
Member

lpinca commented Mar 29, 2021

The added test seems overcomplicated. I spotted the same leak issue here: #37291 (comment). So I think we can simply add process.on('warning', common.mustNotCall()); on test/parallel/test-http-many-ended-pipelines.js instead of adding a new test.

@mcollina
Copy link
Member Author

@lpinca good spot, updated

@nodejs-github-bot
Copy link
Collaborator

lpinca pushed a commit that referenced this pull request Mar 31, 2021
This reverts commit 2da3611.

PR-URL: #37964
Refs: #37937
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
lpinca pushed a commit that referenced this pull request Mar 31, 2021
PR-URL: #37964
Refs: #37937
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
@lpinca
Copy link
Member

lpinca commented Mar 31, 2021

Landed in 3dee233...31fe3b2.

@lpinca lpinca closed this Mar 31, 2021
@mcollina mcollina deleted the revert-36635 branch March 31, 2021 17:12
@MylesBorins
Copy link
Contributor

Adding don't land labels as the original commit did not land on and of the release branches yet

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
http Issues or PRs related to the http subsystem. needs-ci PRs that need a full CI run. net Issues and PRs related to the net subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants