http: send 400 bad request on parse error

mog422 · addaleax · commit f2f391e575fc · 2017-10-19T18:15:58.000+02:00
A web server such as nginx assumes that upstream is dead if upstream closes the socket without any response. PR-URL: #15324 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Myles Borins <myles.borins@gmail.com> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Jeremiah Senkpiel <fishrock123@rocketmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
diff --git a/lib/_http_server.js b/lib/_http_server.js
@@ -38,6 +38,7 @@ const {
 const { OutgoingMessage } = require('_http_outgoing');
 const { outHeadersKey, ondrain } = require('internal/http');
 const errors = require('internal/errors');
+const Buffer = require('buffer').Buffer;
 
 const STATUS_CODES = {
   100: 'Continue',
@@ -451,13 +452,21 @@ function onParserExecute(server, socket, parser, state, ret, d) {
   onParserExecuteCommon(server, socket, parser, state, ret, undefined);
 }
 
+const badRequestResponse = Buffer.from(
+  'HTTP/1.1 400 ' + STATUS_CODES[400] + CRLF + CRLF, 'ascii'
+);
 function socketOnError(e) {
   // Ignore further errors
   this.removeListener('error', socketOnError);
   this.on('error', () => {});
 
-  if (!this.server.emit('clientError', e, this))
+  if (!this.server.emit('clientError', e, this)) {
+    if (this.writable) {
+      this.end(badRequestResponse);
+      return;
+    }
     this.destroy(e);
+  }
 }
 
 function onParserExecuteCommon(server, socket, parser, state, ret, d) {
diff --git a/test/parallel/test-http-blank-header.js b/test/parallel/test-http-blank-header.js
@@ -38,6 +38,7 @@ const server = http.createServer(common.mustCall((req, res) => {
 
 server.listen(0, common.mustCall(() => {
   const c = net.createConnection(server.address().port);
+  let received = '';
 
   c.on('connect', common.mustCall(() => {
     c.write('GET /blah HTTP/1.1\r\n' +
@@ -47,7 +48,12 @@ server.listen(0, common.mustCall(() => {
             '\r\n\r\nhello world'
     );
   }));
-
-  c.on('end', common.mustCall(() => c.end()));
+  c.on('data', common.mustCall((data) => {
+    received += data.toString();
+  }));
+  c.on('end', common.mustCall(() => {
+    assert.strictEqual('HTTP/1.1 400 Bad Request\r\n\r\n', received);
+    c.end();
+  }));
   c.on('close', common.mustCall(() => server.close()));
 }));
