polling connection request.headers.origin has invalid characters cause uncaughtException throw

[ttoltw]

You want to:

• report a bug

Current behaviour

polling connection request.headers.origin has invalid characters cause uncaughtException throw.

error stack:

TypeError: The header content contains invalid characters
    at storeHeader (_http_outgoing.js:319:11)
    at ServerResponse.OutgoingMessage._storeHeader (_http_outgoing.js:228:9)
    at ServerResponse.writeHead (_http_server.js:221:8)
    at IncomingMessage.onEnd (/opt/pushnode/node_modules/engine.io/lib/transports/polling.js:180:9)
    at emitNone (events.js:86:13)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:974:12)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)
    at process._tickDomainCallback (internal/process/next_tick.js:128:9)

Steps to reproduce (if the current behaviour is a bug)

1. start a socket.io server
2. send a polling connection request, headers.origin contain invalid characters(\x027)

echo -en "GET /socket.io/?rid=0&EIO=3&transport=polling HTTP/1.1\r\nHost: 127.0.0.1:3000\r\nOrigin:\x027.com\r\n\r\n" | nc 127.0.0.1 3000

Expected behaviour

disconnect client connection , don't throw error, maybe emit an error event

Setup

• OS: Ubuntu 16.04.2 LTS , NodeJs v6.10.3
• browser:
• engine.io version: 1.6.8 (socket.io 1.4.5)

Other information (e.g. stacktraces, related issues, suggestions how to fix)

check headers.origin value before writeHeader() or just wrap writeHeader() in try/catch

nodejs/node@7bef1b7907

[darrachequesne]

Good catch, thanks! #531 should fix the issue.