http: validate HTTP version

nodejs · Jun 17, 2022 · 2101d70 · 2101d70
1 parent 75b4512
commit 2101d70
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 2 deletions.
diff --git a/src/llhttp/http.ts b/src/llhttp/http.ts
@@ -258,7 +258,20 @@ export class HTTP {
       .otherwise(p.error(ERROR.INVALID_VERSION, 'Expected dot'));
 
     n('res_http_minor')
-      .select(MINOR, this.store('http_minor', 'res_http_end'))
+      .select(MINOR, this.store('http_minor',
+        this.load('http_major', {
+          0: this.load('http_minor', {
+            9: n('res_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+          1: this.load('http_minor', {
+            0: n('res_http_end'),
+            1: n('res_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+          2: this.load('http_minor', {
+            0: n('res_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+        }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+      ))
       .otherwise(p.error(ERROR.INVALID_VERSION, 'Invalid minor version'));
 
     n('res_http_end')
@@ -364,7 +377,20 @@ export class HTTP {
       .otherwise(p.error(ERROR.INVALID_VERSION, 'Expected dot'));
 
     n('req_http_minor')
-      .select(MINOR, this.store('http_minor', 'req_http_end'))
+      .select(MINOR, this.store('http_minor',
+        this.load('http_major', {
+          0: this.load('http_minor', {
+            9: n('req_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+          1: this.load('http_minor', {
+            0: n('req_http_end'),
+            1: n('req_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+          2: this.load('http_minor', {
+            0: n('req_http_end'),
+          }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+        }, p.error(ERROR.INVALID_VERSION, 'Invalid HTTP version')),
+      ))
       .otherwise(p.error(ERROR.INVALID_VERSION, 'Invalid minor version'));
 
     n('req_http_end').otherwise(this.load('method', {

diff --git a/test/request/invalid.md b/test/request/invalid.md
@@ -200,3 +200,19 @@ off=22 len=15 span[header_value]="www.example.com"
 off=39 header_value complete
 off=52 error code=10 reason="Invalid header token"
 ```
+
+### Invalid HTTP version
+
+<!-- meta={"type": "request", "noScan": true} -->
+```http
+GET / HTTP/5.6
+
+
+```
+
+```log
+off=0 message begin
+off=4 len=1 span[url]="/"
+off=6 url complete
+off=14 error code=9 reason="Invalid HTTP version"
+```
diff --git a/test/response/invalid.md b/test/response/invalid.md
@@ -106,3 +106,17 @@ off=21 header_field complete
 off=22 len=1 span[header_value]="1"
 off=24 error code=3 reason="Missing expected LF after header value"
 ```
+
+### Invalid HTTP version
+
+<!-- meta={"type": "response"} -->
+```http
+HTTP/5.6 200 OK
+
+
+```
+
+```log
+off=0 message begin
+off=8 error code=9 reason="Invalid HTTP version"
+```