diff options
author | Daniel Bevenius <daniel.bevenius@gmail.com> | 2021-01-22 12:34:21 +0100 |
---|---|---|
committer | Richard Lau <rlau@redhat.com> | 2021-02-22 17:16:43 +0000 |
commit | 922ada77132c1b0b69c9a146822d762b2f9b912b (patch) | |
tree | 6397bb70c2f15d38d100c5340462a71b0207a3ac /doc | |
parent | 1564752d553f582c8048ee45614f870ee2a446c9 (diff) | |
download | node-new-922ada77132c1b0b69c9a146822d762b2f9b912b.tar.gz |
http2: add unknownProtocol timeout
This commit add a configuration options named unknownProtocolTimeout
which can be specified to set a value for the timeout in milliseconds
that a server should wait when an unknowProtocol is sent to it. When
this happens a timer will be started and the if the socket has not been
destroyed during that time the timer callback will destoy it.
Refs: https://hackerone.com/reports/1043360
CVE-ID: CVE-2021-22883
PR-URL: https://github.com/nodejs-private/node-private/pull/246
Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/250
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/api/http2.md | 25 |
1 files changed, 24 insertions, 1 deletions
diff --git a/doc/api/http2.md b/doc/api/http2.md index 219a837c06..7db9855e0e 100644 --- a/doc/api/http2.md +++ b/doc/api/http2.md @@ -1970,7 +1970,9 @@ added: v8.4.0 The `'unknownProtocol'` event is emitted when a connecting client fails to negotiate an allowed protocol (i.e. HTTP/2 or HTTP/1.1). The event handler receives the socket for handling. If no listener is registered for this event, -the connection is terminated. See the [Compatibility API][]. +the connection is terminated. A timeout may be specified using the +`'unknownProtocolTimeout'` option passed to [`http2.createSecureServer()`][]. +See the [Compatibility API][]. #### `server.close([callback])` <!-- YAML @@ -2010,6 +2012,9 @@ error will be thrown. <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/250 + description: Added `unknownProtocolTimeout` option with a default of 10000. - version: - v12.18.0 pr-url: https://github.com/nodejs-private/node-private/pull/206 @@ -2112,6 +2117,10 @@ changes: `Http2ServerResponse` class to use. Useful for extending the original `Http2ServerResponse`. **Default:** `Http2ServerResponse`. + * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that + a server should wait when an [`'unknownProtocol'`][] is emitted. If the + socket has not been destroyed by that time the server will destroy it. + **Default:** `10000`. * ...: Any [`net.createServer()`][] option can be provided. * `onRequestHandler` {Function} See [Compatibility API][] * Returns: {Http2Server} @@ -2148,6 +2157,9 @@ server.listen(80); <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/250 + description: Added `unknownProtocolTimeout` option with a default of 10000. - version: - v12.18.0 pr-url: https://github.com/nodejs-private/node-private/pull/206 @@ -2240,6 +2252,10 @@ changes: servers, the identity options (`pfx` or `key`/`cert`) are usually required. * `origins` {string[]} An array of origin strings to send within an `ORIGIN` frame immediately following creation of a new server `Http2Session`. + * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that + a server should wait when an [`'unknownProtocol'`][] event is emitted. If + the socket has not been destroyed by that time the server will destroy it. + **Default:** `10000`. * `onRequestHandler` {Function} See [Compatibility API][] * Returns: {Http2SecureServer} @@ -2273,6 +2289,9 @@ server.listen(80); <!-- YAML added: v8.4.0 changes: + - version: REPLACEME + pr-url: https://github.com/nodejs-private/node-private/pull/250 + description: Added `unknownProtocolTimeout` option with a default of 10000. - version: - v12.18.0 pr-url: https://github.com/nodejs-private/node-private/pull/206 @@ -2356,6 +2375,10 @@ changes: instance passed to `connect` and the `options` object, and returns any [`Duplex`][] stream that is to be used as the connection for this session. * ...: Any [`net.connect()`][] or [`tls.connect()`][] options can be provided. + * `unknownProtocolTimeout` {number} Specifies a timeout in milliseconds that + a server should wait when an [`'unknownProtocol'`][] event is emitted. If + the socket has not been destroyed by that time the server will destroy it. + **Default:** `10000`. * `listener` {Function} Will be registered as a one-time listener of the [`'connect'`][] event. * Returns: {ClientHttp2Session} |