llhttp

Whitespace between start-line and first HTTP header not properly handled

Open zeyu2001 opened this issue 3 years ago • 0 comments

Issue transferred over from HackerOne.

According to RFC7230 section 3:

A recipient that receives whitespace between the start-line and the first header field MUST either reject the message as invalid or consume each whitespace-preceded line without further processing of it (i.e., ignore the entire line, along with any subsequent lines preceded by whitespace, until a properly formed header field is received or the header section is terminated).

However, the parser does not adhere to this and accepts a first header with a leading whitespace.

GET / HTTP/1.1
 Host: foo

Server code used for testing:

const http = require('http');

// Echo server: reports the URL, parsed headers and body of each request as JSON.
http.createServer((request, response) => {
   let body = [];
   request.on('error', (err) => {
      response.end("error while reading body: " + err);
   }).on('data', (chunk) => {
      // Collect body chunks as they arrive.
      body.push(chunk);
   }).on('end', () => {
      body = Buffer.concat(body).toString();

      response.on('error', (err) => {
         response.end("error while sending response: " + err);
      });

      // request.headers shows how the parser interpreted each header line.
      response.end(JSON.stringify({
         "URL": request.url,
         "Headers": request.headers,
         "Length": body.length,
         "Body": body,
      }) + "\n");
   });
}).listen(80);

Request:

GET / HTTP/1.1
 Host: foo

Expected result: As per the RFC, either return a 400 Bad Request or ignore the header entirely.

Actual result: The header is processed as host (with a leading whitespace).

HTTP/1.1 200 OK
Date: Mon, 28 Mar 2022 17:34:47 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Content-Length: 59

{"URL":"/","Headers":{" host":"foo"},"Length":0,"Body":""}

References:

zeyu2001, Apr 04 '22 08:04
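Added example, not part of the original issue and not llhttp's code: a small header-section check showing the two behaviours the quoted RFC 7230 text allows (reject, or consume whitespace-preceded lines before the first field). The names parseHead and mode are hypothetical, and the sketch assumes CRLF line endings and keeps only the last value of a repeated field.

```javascript
// Constructed sample: the request from the report (leading SP before "Host").
const REPORTED = 'GET / HTTP/1.1\r\n Host: foo\r\n\r\n';

// field-name ":" OWS field-value OWS, with field-name limited to token characters,
// so a name such as " host" can never be accepted.
const FIELD = /^([!#$%&'*+\-.^_`|~0-9A-Za-z]+):[ \t]*(.*?)[ \t]*$/;

// parseHead and its mode argument are hypothetical names for this sketch.
//   mode 'reject': 400 on a whitespace-preceded line before the first field
//   mode 'ignore': consume such lines without processing them
function parseHead(raw, mode = 'reject') {
  const bad = { status: 400, headers: Object.create(null) };
  const end = raw.indexOf('\r\n\r\n');
  if (end === -1) return bad;            // header section not terminated
  const lines = raw.slice(0, end).split('\r\n');
  lines.shift();                         // start-line (not validated here)
  const headers = Object.create(null);   // no prototype keys to collide with
  let seenField = false;
  for (const line of lines) {
    if (/^[ \t]/.test(line)) {
      // After a field this would be obs-fold; this sketch rejects it in both modes.
      if (seenField || mode === 'reject') return bad;
      continue;                          // ignore the entire line
    }
    const m = FIELD.exec(line);
    if (!m) return bad;                  // not a properly formed header field
    headers[m[1].toLowerCase()] = m[2];
    seenField = true;
  }
  return { status: 200, headers };
}

console.log(parseHead(REPORTED, 'reject'));
console.log(parseHead(REPORTED, 'ignore'));
```

In both modes the reported request never yields a " host" key: it is either answered with 400 or parsed with no Host field at all.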