fix: validate EOF for chunked h1 responses#5273
Merged
Merged
Conversation
Signed-off-by: Matteo Collina <hello@matteocollina.com>
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #5273 +/- ##
==========================================
- Coverage 93.28% 93.27% -0.01%
==========================================
Files 110 110
Lines 36384 36427 +43
==========================================
+ Hits 33939 33978 +39
- Misses 2445 2449 +4 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Member
|
Needs rebase to include node 26 FFI build from https://www,github.com/nodejs/undici/pull/5275 |
Member
Author
|
I think we can land without |
trivikr
approved these changes
May 10, 2026
Merged
This was referenced May 17, 2026
mcollina
added a commit
that referenced
this pull request
May 18, 2026
mcollina
added a commit
that referenced
this pull request
May 18, 2026
* fix: validate EOF for chunked h1 responses (#5273) (cherry picked from commit 13f6af6) Signed-off-by: Matteo Collina <hello@matteocollina.com> * test: restore websocket test compatibility on Node 18 - replace t.assert usage with node:assert in websocket tests so they work on Node 18\n- reduce the disabled-limit payload size in permessage-deflate-limit to avoid CI timeouts\n- remove an extra blank line in lib/dispatcher/agent.js to satisfy standard Signed-off-by: Matteo Collina <hello@matteocollina.com> --------- Signed-off-by: Matteo Collina <hello@matteocollina.com>
7 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
llhttp_finish()on EOF-like socket terminationContent-Lengthmismatch error behaviorClientandfetch()Details
Undici previously treated EOF on non-keepalive responses as an implicit successful message completion. That is correct for EOF-delimited responses, but not for chunked responses, which must receive the terminating
0\r\n\r\nchunk.This change routes the EOF/close/ECONNRESET path through
llhttp_finish()so llhttp can reject incomplete chunked responses with an invalid EOF state instead of completing the response body successfully.Testing
node --test test/parser-issues.js test/content-length.jsnpx eslint lib/dispatcher/client-h1.js test/parser-issues.js