mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-09 10:28:47 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
bun.sh/test/js/node/http2
History
Ciro Spaciari 0ad562d3bd fix(http2) Fix SSLWrapper and allow injecting connections in Http2SecureServer (#26539) 
### What does this PR do?

Enables the `net.Server → Http2SecureServer` connection upgrade pattern
used by libraries like
[http2-wrapper](https://github.com/szmarczak/http2-wrapper),
[crawlee](https://github.com/apify/crawlee), and custom HTTP/2 proxy
servers. This pattern works by accepting raw TCP connections on a
`net.Server` and forwarding them to an `Http2SecureServer` via
`h2Server.emit('connection', rawSocket)`.

#### Bug fixes

**SSLWrapper use-after-free (Zig)**

Two use-after-free bugs in `ssl_wrapper.zig` are fixed:

1. **`flush()` stale pointer** — `flush()` captured the `ssl` pointer
*before* calling `handleTraffic()`, which can trigger a close callback
that frees the SSL object via `deinit`. The pointer was then used after
being freed. Fix: read `this.ssl` *after* `handleTraffic()` returns.

2. **`handleReading()` null dereference** — `handleReading()` called
`triggerCloseCallback()` after `triggerDataCallback()` without checking
whether the data callback had already closed the connection. This led to
a null function pointer dereference. Fix: check `this.ssl == null ||
this.flags.closed_notified` before calling the close callback.

### How did you verify your code works?

- Added **13 in-process tests** (`node-http2-upgrade.test.mts`) covering
the `net.Server → Http2SecureServer` upgrade path:
  - GET/POST requests through upgraded connections
  - Sequential requests sharing a single H2 session
  - `session` event emission
  - Concurrent clients with independent sessions
  - Socket close ordering (rawSocket first vs session first) — no crash
  - ALPN protocol negotiation (`h2`)
  - Varied status codes (200, 302, 404)
  - Client disconnect mid-response (stream destroyed early)
  - Three independent clients producing three distinct sessions
- Tests use `node:test` + `node:assert` and **pass in both Bun and
Node.js**
- Ported `test-http2-socket-close.js` from the Node.js test suite,
verifying no segfault when the raw socket is destroyed before the H2
session is closed

---------

Co-authored-by: claude[bot] <209825114+claude[bot]@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2026-02-04 19:23:29 -08:00
..
helpers.js
feat(http2) Client Support (#6761)
2023-11-17 18:14:54 -08:00
http2-helpers.cjs
test(http2): refactor tests to use describe.concurrent and await using (#25893)
2026-01-07 23:15:50 -08:00
node-echo-server.fixture.js
test(http2): refactor tests to use describe.concurrent and await using (#25893)
2026-01-07 23:15:50 -08:00
node-http2-continuation-server.fixture.js
fix(http2): fix settings, window size handling, and dynamic header buffer allocation (#26119)
2026-01-22 14:35:18 -08:00
node-http2-continuation.test.ts
fix(http2): fix settings, window size handling, and dynamic header buffer allocation (#26119)
2026-01-22 14:35:18 -08:00
node-http2-memory-leak.js
Unskip some tests (#22116)
2025-08-27 06:39:11 -07:00
node-http2-upgrade.test.mts
fix(http2) Fix SSLWrapper and allow injecting connections in Http2SecureServer (#26539)
2026-02-04 19:23:29 -08:00
node-http2.test.js
test(http2): refactor tests to use describe.concurrent and await using (#25893)
2026-01-07 23:15:50 -08:00