Potential Vulnerability in Cloned Code

[pr-hung]

Summary

This PR fixes a potential security vulnerability in cloned code that appears to have missed an upstream security patch.

Details

• Affected file: test/bench/parser/nodejs-parser/http_parser.c
• Upstream fix commit: nodejs/http-parser@7d5c99d
• Clone similarity score: 0.998532

What this PR does

• Applies the upstream security fix logic to the cloned implementation in this repository.

References

• Upstream patch commit: nodejs/http-parser@7d5c99d

Please review and merge this PR to ensure your repository is protected against this potential vulnerability.
Thank you for your time !

[sehe]

This code, as the names suggest, is part of a comparative benchmark only. As such, the code was cloned at the specific time the comparison was done, and represents an "archive copy" for reproducing the results. Of course, we might remove the archive copy and replace it with a revision link to the source repository, or at least clearly mark the files as old and having security issues.

But in short, unless users willingly do not use Boost Beast, but instead use some benchmark code that is not part of Boost Beast, there is no security issue here.

Interestingly, Beast might have corresponding issues with multiple Transfer-Encodings, but that's not the topic of this issue.