Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

subtext underline zlib error #100

Open
pegerto opened this issue May 16, 2023 · 3 comments
Open

subtext underline zlib error #100

pegerto opened this issue May 16, 2023 · 3 comments
Labels
support Questions, discussions, and general support

Comments

@pegerto
Copy link

pegerto commented May 16, 2023

Support plan

is this issue currently blocking your project? no
is this issue affecting a production system? yes

Context

  • node version: v16.18.0
  • module version with issue: "7.0.4
  • last module version without issue:
  • environment (e.g. node, browser, native): node
  • used with (e.g. hapi application, another framework, standalone, ...): hapi application
  • any other relevant information:

What are you trying to achieve or the steps to reproduce?

Standard hapi application currently under security scan fail decompressing invalid data.

What was the result you got?

node:events:505
      throw er; // Unhandled 'error' event
      ^

Error: Invalid compressed payload
    at Gunzip.stream.emit (node_modules/@hapi/subtext/lib/index.js:129:26)
    at Gunzip.onerror (node:internal/streams/readable:773:14)
    at Gunzip.emit (node:events:527:28)
    at Gunzip.stream.emit (node_modules/@hapi/subtext/lib/index.js:132:21)
    at emitErrorNT (node:internal/streams/destroy:157:8)
    at emitErrorCloseNT (node:internal/streams/destroy:122:3)
    at processTicksAndRejections (node:internal/process/task_queues:83:21)

Killing the process

What result did you expect?

Expected to handle the request and get a 400 http code.
@pegerto pegerto added the support Questions, discussions, and general support label May 16, 2023
@pegerto
Copy link
Author

pegerto commented May 16, 2023
edited
Loading

Can this be related to #96?

@devinivy
Copy link
Member

I've attempted to reproduce this with hapi v20 and v21, and subtext v7.0.3, v7.0.4, v7.1.0, and v8.1.0 without any luck. There are also some tests for this here, which would helpfully catch the issue. Do you happen to have any more info? For example, how is the route configured? If the route receives the raw payload stream, how does it handle it?

One way I can trigger this is to use output: 'stream' but not handle any errors from the stream in app code, which I believe would be an implementation issue on the app side.

@kanongil
Copy link
Contributor

kanongil commented Sep 28, 2023
edited
Loading

Hmm, with output: 'stream' this seems very likely.

Subtext could add its own "error" handler to the returned stream, but would have nowhere to report any issue. So the error handling is definitely the responsibility of the consumer, which is actually Hapi itself.

In hapi, there is no requirement for handlers to actually interact with the request.payload stream, so an error here should not cause it to crash. Especially since it can error before the handler is even called! Ie. hapi needs to add its own "error" handler, and apply the failAction to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
support Questions, discussions, and general support
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pegerto @kanongil @devinivy