Skip to content

Commit e0d720c

Browse files
darrachequesnedarrachequesne
authored
[fix] Check whether 'Origin' header has invalid characters (#531)
Since the 'Origin' header is used as response header, a value with invalid characters would trigger 'The header content contains invalid characters' errors. Closes #517
1 parent 38d639a commit e0d720c

File tree

1 file changed

+65
-0
lines changed

1 file changed

+65
-0
lines changed

lib/server.js

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -150,6 +150,13 @@ Server.prototype.verify = function (req, upgrade, fn) {
150150
return fn(Server.errors.UNKNOWN_TRANSPORT, false);
151151
}
152152

153+
// 'Origin' header check
154+
var isOriginInvalid = checkInvalidHeaderChar(req.headers.origin);
155+
if (isOriginInvalid) {
156+
req.headers.origin = null;
157+
return fn(Server.errors.BAD_REQUEST, false);
158+
}
159+
153160
// sid check
154161
var sid = req._query.sid;
155162
if (sid) {
@@ -512,3 +519,61 @@ function abortConnection (socket, code) {
512519
}
513520
socket.destroy();
514521
}
522+
523+
/* eslint-disable */
524+
525+
/**
526+
* From https://github.com/nodejs/node/blob/v8.4.0/lib/_http_common.js#L303-L354
527+
*
528+
* True if val contains an invalid field-vchar
529+
* field-value = *( field-content / obs-fold )
530+
* field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
531+
* field-vchar = VCHAR / obs-text
532+
*
533+
* checkInvalidHeaderChar() is currently designed to be inlinable by v8,
534+
* so take care when making changes to the implementation so that the source
535+
* code size does not exceed v8's default max_inlined_source_size setting.
536+
**/
537+
var validHdrChars = [
538+
0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, // 0 - 15
539+
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 16 - 31
540+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 32 - 47
541+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 48 - 63
542+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 64 - 79
543+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 80 - 95
544+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 96 - 111
545+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 0, // 112 - 127
546+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, // 128 ...
547+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
548+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
549+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
550+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
551+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
552+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1,
553+
1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1 // ... 255
554+
];
555+
556+
function checkInvalidHeaderChar(val) {
557+
val += '';
558+
if (val.length < 1)
559+
return false;
560+
if (!validHdrChars[val.charCodeAt(0)])
561+
return true;
562+
if (val.length < 2)
563+
return false;
564+
if (!validHdrChars[val.charCodeAt(1)])
565+
return true;
566+
if (val.length < 3)
567+
return false;
568+
if (!validHdrChars[val.charCodeAt(2)])
569+
return true;
570+
if (val.length < 4)
571+
return false;
572+
if (!validHdrChars[val.charCodeAt(3)])
573+
return true;
574+
for (var i = 4; i < val.length; ++i) {
575+
if (!validHdrChars[val.charCodeAt(i)])
576+
return true;
577+
}
578+
return false;
579+
}

0 commit comments

Comments
 (0)