nodejs / http-parser

http request/response parser for c
MIT License

After upgrade it stopped working #500

Closed Akaren13 closed 4 years ago

Akaren13 commented 4 years ago

I have upgraded on my CentOS to http-parser-2.7.1-8.el7_7.2.x86_64, but my program stopped working. I am getting 502 Bad Gateway, but there is nothing to see in my logs. When I downgraded it, it started working again. How can I debug http parser to see what the problem is?

bnoordhuis commented 4 years ago

Try running git bisect. By the way, 2.7.1 is almost four years old, you should be using a newer version.

Akaren13 commented 4 years ago

I am not using git repository but rpm package.

bnoordhuis commented 4 years ago

The implication is that you should - at least temporarily - switch to source builds. :-)

Akaren13 commented 4 years ago

This patch is causing it: https://www.tenable.com/cve/CVE-2019-15605

bnoordhuis commented 4 years ago

That change isn't in 2.7.1 though on account of it predating that CVE by 3 years. Maybe it's e2e467b, that's a very similar change. It's something you'll need to fix on your end in any case.

Akaren13 commented 4 years ago

In what release did you fix it?

bnoordhuis commented 4 years ago

v2.9.0 or v2.9.3.

Thimira commented 4 years ago

The exact same issue happened in our system as well.

We're on CentOS 7 (7.7.1908) 64-Bit, with Node v6.14.3.

During a routine maintenance on 18th March 2020, the http-parser package was upgraded to version http-parser-2.7.1-8.el7.x86_64.rpm. It is the latest version of the http-parser rpm package available for CentOS 7 in the Yum repositories (https://centos.pkgs.org/7/centos-x86_64/http-parser-2.7.1-8.el7.x86_64.rpm.html).

After the upgrade all of our Node.js applications stopped working, where we experienced issues such as,

* transfer closed with 1 bytes remaining to read 
* Closing connection 0"

Downgrading the package back solved the issue. Therefore, it appears that the issue is with that specific version of the RPM distribution of the package. We haven't attempted the source distribution yet.

sam-github commented 4 years ago

> We're on CentOS 7 (7.7.1908) 64-Bit, with Node v6.14.3

Obligatory note: v6.x has been unsupported (including security updates) since 2019-04-30 (https://github.com/nodejs/Release#end-of-life-releases). Newer nodejs releases have https://nodejs.org/docs/latest-v10.x/api/cli.html#cli_insecure_http_parser which might address this issue, I suggest trying that.

If it works, you might need to backport the CLI option to 6.x and build from source, or just update to a supported Node.js version.

The reports here all involve ancient versions of http_parser, I think unless they can be reproduced on supported versions of node.js (10 or higher - in which case open an issue on nodejs/node and I'll look at it) or current versions of http_parser, then it's not likely to be addressed here, it's a problem with systems pinned to old (and unsupported) versions.

If someone is offering long term support for the centos distros being used, this falls in their lap.

bnoordhuis commented 4 years ago

Closing per Sam's comment.