http: throw error on content-length mismatch

Author: sidwebworks

lib/_http_incoming.js

@@ -442,5 +442,6 @@ function onError(self, error, cb) {
 module.exports = {
   IncomingMessage,
   readStart,
-  readStop
+  readStop,
+  kHeaders
 };

lib/_http_outgoing.js

@@ -37,6 +37,8 @@ const {
   SafeSet,
   StringPrototypeToLowerCase,
   Symbol,
+  NumberPOSITIVE_INFINITY,
+  NumberParseInt
 } = primordials;
 
 const { getDefaultHighWaterMark } = require('internal/streams/state');
@@ -69,12 +71,14 @@ const {
     ERR_STREAM_ALREADY_FINISHED,
     ERR_STREAM_WRITE_AFTER_END,
     ERR_STREAM_NULL_VALUES,
-    ERR_STREAM_DESTROYED
+    ERR_STREAM_DESTROYED,
+    ERR_HTTP_CONTENT_LENGTH_MISMATCH
   },
   hideStackFrames
 } = require('internal/errors');
 const { validateString } = require('internal/validators');
 const { isUint8Array } = require('internal/util/types');
+const { kHeaders } = require('_http_incoming');
 
 let debug = require('internal/util/debuglog').debuglog('http', (fn) => {
   debug = fn;
@@ -84,6 +88,8 @@ const HIGH_WATER_MARK = getDefaultHighWaterMark();
 
 const kCorked = Symbol('corked');
 const kUniqueHeaders = Symbol('kUniqueHeaders');
+const kBytesWritten = Symbol('kBytesWritten');
+const kSentContentLength = Symbol('kSentContentLength');
 
 const nop = () => {};
 
@@ -123,6 +129,8 @@ function OutgoingMessage() {
   this._removedContLen = false;
   this._removedTE = false;
 
+  this[kBytesWritten] = 0;
+  this[kSentContentLength] = null;
   this._contentLength = null;
   this._hasBody = true;
   this._trailer = '';
@@ -345,10 +353,20 @@ OutgoingMessage.prototype._send = function _send(data, encoding, callback) {
       this._onPendingData(header.length);
     }
     this._headerSent = true;
+    this[kSentContentLength] = _getContentLength.call(this)
   }
   return this._writeRaw(data, encoding, callback);
 };
 
+function _getContentLength() {
+  const outgoing = this.getHeader('content-length')
+  const incoming = this.req
+  if (!!outgoing) return NumberParseInt(outgoing)
+  if (incoming && incoming[kHeaders] && !!incoming[kHeaders]['content-length']) {
+    return NumberParseInt(incoming[kHeaders]['content-length']);
+  }
+  return NumberPOSITIVE_INFINITY
+}
 
 OutgoingMessage.prototype._writeRaw = _writeRaw;
 function _writeRaw(data, encoding, callback) {
@@ -534,6 +552,9 @@ function processHeader(self, state, key, value, validate) {
 function storeHeader(self, state, key, value, validate) {
   if (validate)
     validateHeaderValue(key, value);
+  if (StringPrototypeToLowerCase(key) === 'content-length') {
+    self[kSentContentLength] = value
+  }
   state.header += key + ': ' + value + '\r\n';
   matchHeader(self, state, key, value);
 }
@@ -814,6 +835,16 @@ function write_(msg, chunk, encoding, callback, fromEnd) {
     err = new ERR_STREAM_DESTROYED('write');
   }
 
+  if (msg && !msg.destroyed) {
+    const byteLength = Buffer.byteLength(chunk, encoding)
+    if (msg[kSentContentLength] > 0 && msg[kSentContentLength] !== NumberPOSITIVE_INFINITY) {
+      if (byteLength + msg[kBytesWritten] > msg[kSentContentLength]) {
+        throw new ERR_HTTP_CONTENT_LENGTH_MISMATCH(byteLength + msg[kBytesWritten], msg[kSentContentLength]);
+      }
+    }
+    msg[kBytesWritten] += byteLength;
+  }
+
   if (err) {
     if (!msg.destroyed) {
       onError(msg, err, callback);

lib/internal/errors.js

@@ -1144,6 +1144,8 @@ E('ERR_HTTP2_TRAILERS_NOT_READY',
 E('ERR_HTTP2_UNSUPPORTED_PROTOCOL', 'protocol "%s" is unsupported.', Error);
 E('ERR_HTTP_HEADERS_SENT',
   'Cannot %s headers after they are sent to the client', Error);
+E('ERR_HTTP_CONTENT_LENGTH_MISMATCH',
+  'Response body\'s content-length of %s byte(s) does not match the content-length of %s byte(s) set in header', Error);
 E('ERR_HTTP_INVALID_HEADER_VALUE',
   'Invalid value "%s" for header "%s"', TypeError);
 E('ERR_HTTP_INVALID_STATUS_CODE', 'Invalid status code: %s', RangeError);