1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-01 03:54:06 -05:00
denoland-deno/std/textproto/mod.ts
Andrew Stucki 1e478d73e3
Drop headers with trailing whitespace in header name (#4642)
This relates directly to [an
issue](https://github.com/denoland/deno_std/issues/620) that I initially
raised in `deno_std` awhile back, and was reminded about it today when
the `oak` project popped up on my github recommended repos.

As of now Deno's http servers are vulnerable to the same underlying
issue of go CVE-2019-16276 due to the fact that it's based off of ported
go code from their old standard library. [Here's the commit that fixed
the
CVE.](6e6f4aaf70)

Long story short, some off the shelf proxies and caching servers allow
for passing unaltered malformed headers to backends that they're
fronting. When they pass invalid headers that they don't understand this
can cause issues with HTTP request smuggling. I believe that to this
date, this is the default behavior of AWS ALBs--meaning any server that
strips whitespace from the tail end of header field names and then
interprets the header, when placed behind an ALB, is susceptible to
request smuggling.

The current behavior is actually specifically called out in [RFC
7230](https://tools.ietf.org/html/rfc7230#section-3.2.4) as something
that MUST result in a rejected message, but the change corresponding to
this PR, is more lenient and what both go and nginx currently do, and is
better than the current behavior.
2020-04-06 09:58:46 -04:00

151 lines
4.3 KiB
TypeScript

// Based on https://github.com/golang/go/blob/891682/src/net/textproto/
// Copyright 2009 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
import { BufReader } from "../io/bufio.ts";
import { charCode } from "../io/util.ts";
import { concat } from "../bytes/mod.ts";
import { decode } from "../encoding/utf8.ts";
function str(buf: Uint8Array | null | undefined): string {
if (buf == null) {
return "";
} else {
return decode(buf);
}
}
export class TextProtoReader {
constructor(readonly r: BufReader) {}
/** readLine() reads a single line from the TextProtoReader,
* eliding the final \n or \r\n from the returned string.
*/
async readLine(): Promise<string | Deno.EOF> {
const s = await this.readLineSlice();
if (s === Deno.EOF) return Deno.EOF;
return str(s);
}
/** ReadMIMEHeader reads a MIME-style header from r.
* The header is a sequence of possibly continued Key: Value lines
* ending in a blank line.
* The returned map m maps CanonicalMIMEHeaderKey(key) to a
* sequence of values in the same order encountered in the input.
*
* For example, consider this input:
*
* My-Key: Value 1
* Long-Key: Even
* Longer Value
* My-Key: Value 2
*
* Given that input, ReadMIMEHeader returns the map:
*
* map[string][]string{
* "My-Key": {"Value 1", "Value 2"},
* "Long-Key": {"Even Longer Value"},
* }
*/
async readMIMEHeader(): Promise<Headers | Deno.EOF> {
const m = new Headers();
let line: Uint8Array | undefined;
// The first line cannot start with a leading space.
let buf = await this.r.peek(1);
if (buf === Deno.EOF) {
return Deno.EOF;
} else if (buf[0] == charCode(" ") || buf[0] == charCode("\t")) {
line = (await this.readLineSlice()) as Uint8Array;
}
buf = await this.r.peek(1);
if (buf === Deno.EOF) {
throw new Deno.errors.UnexpectedEof();
} else if (buf[0] == charCode(" ") || buf[0] == charCode("\t")) {
throw new Deno.errors.InvalidData(
`malformed MIME header initial line: ${str(line)}`
);
}
while (true) {
const kv = await this.readLineSlice(); // readContinuedLineSlice
if (kv === Deno.EOF) throw new Deno.errors.UnexpectedEof();
if (kv.byteLength === 0) return m;
// Key ends at first colon
let i = kv.indexOf(charCode(":"));
if (i < 0) {
throw new Deno.errors.InvalidData(
`malformed MIME header line: ${str(kv)}`
);
}
//let key = canonicalMIMEHeaderKey(kv.subarray(0, endKey));
const key = str(kv.subarray(0, i));
// As per RFC 7230 field-name is a token,
// tokens consist of one or more chars.
// We could throw `Deno.errors.InvalidData` here,
// but better to be liberal in what we
// accept, so if we get an empty key, skip it.
if (key == "") {
continue;
}
// Skip initial spaces in value.
i++; // skip colon
while (
i < kv.byteLength &&
(kv[i] == charCode(" ") || kv[i] == charCode("\t"))
) {
i++;
}
const value = str(kv.subarray(i));
// In case of invalid header we swallow the error
// example: "Audio Mode" => invalid due to space in the key
try {
m.append(key, value);
} catch {}
}
}
async readLineSlice(): Promise<Uint8Array | Deno.EOF> {
// this.closeDot();
let line: Uint8Array | undefined;
while (true) {
const r = await this.r.readLine();
if (r === Deno.EOF) return Deno.EOF;
const { line: l, more } = r;
// Avoid the copy if the first call produced a full line.
if (!line && !more) {
// TODO(ry):
// This skipSpace() is definitely misplaced, but I don't know where it
// comes from nor how to fix it.
if (this.skipSpace(l) === 0) {
return new Uint8Array(0);
}
return l;
}
line = line ? concat(line, l) : l;
if (!more) {
break;
}
}
return line;
}
skipSpace(l: Uint8Array): number {
let n = 0;
for (let i = 0; i < l.length; i++) {
if (l[i] === charCode(" ") || l[i] === charCode("\t")) {
continue;
}
n++;
}
return n;
}
}