17

I created a sample to post data to a rest services and I found out that when I have non-ascii or non-latin character (please see data.firstName), my post request using TEST-REST.js will throw

error: { [Error: socket hang up] code: 'ECONNRESET' }.

// TEST-REST.js
var http = require('http');

var data = JSON.stringify({
  firstName: 'JoaquÌn',
});

var options = {
  host: '127.0.0.1',
  port: 3000,
  path: '/users',
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
    'Content-Length': data.length
  }
};

var req = http.request(options, function(res) {
  var result = '';

  res.on('data', function(chunk) {
    result += chunk;
  });

  res.on('end', function() {
    console.log(result);
  });
});

req.on('error', function(err) {
  console.log(err);
});

req.write(data);
req.end();

and on my rest services, it throw me error like this:

SyntaxError: Unexpected end of input Sun Sep 08 2013 23:25:02 GMT-0700 (PDT) -     at Object.parse (native)
    at IncomingMessage.<anonymous> (/Volumes/Data/Program_Data/GitHub/app/node_modules/express/node_modules/connect/lib/middleware/json.js:66:27) info    at IncomingMessage.EventEmitter.emit (events.js:92:17)
    at _stream_readable.js:920:16 : - - - [Mon, 09 Sep 2013 06:25:02 GMT] "POST /users HTTP/1.1" 400 - "-" "-"
    at process._tickDomainCallback (node.js:459:13)

if I replace firstName value from 'JoaquÌn' to 'abc', everything works just fine. I think I'm missing something to support or escape to make it work.

does anyone have any idea how I solve this problem? I also tried following: require('querystring').escape(model.givenName), and it works but I'm not happy with it.

UPDATED I found out that if I comment out: app.use(express.bodyParser());, the error disappears.

Nam Nguyen
  • 5,668
  • 14
  • 56
  • 70
  • 1
    try `'Content-Type': 'application/json; charset=utf-8'` – vinayr Sep 09 '13 at 07:00
  • Can you test it without `Content-length` header. – user568109 Sep 09 '13 at 07:07
  • actually this is connect issue: https://github.com/visionmedia/express/issues/1749 . Resolved by changing 'Content-Length': Buffer.byteLength(data) – Nam Nguyen Sep 09 '13 at 07:24
  • 1
    This was a very good catch, Nam. I was not aware of this vulnerability until you brought it to my attention. Thanks for posting this question! – Eric Elliott Sep 12 '13 at 22:38
  • Restarting laptop resolved this problem for me. My client send a request to a remote server, and receive no timely response. And hence throwing this error. Restarting laptop refreshing network to resolve this problem. – Vikas Piprade Oct 12 '22 at 06:22

2 Answers2

44

This is node's issue, not express's issue. https://github.com/visionmedia/express/issues/1749

to resolve, change from

'Content-Length': data.length

to

'Content-Length': Buffer.byteLength(data)

RULE OF THUMB

Always use Buffer.byteLength() when you want to find the content length of strings

UPDATED

We also should handle error gracefully on server side to prevent crashing by adding middleware to handle it.

app.use(function (error, req, res, next) {
  if (!error) {
    next();
  } else {
    console.error(error.stack);
    res.send(500);
  }
});
Nam Nguyen
  • 5,668
  • 14
  • 56
  • 70
  • Did you try without Content-length header ? – user568109 Sep 09 '13 at 07:35
  • I tried without Content-length and it worked as well. However, I'm not sure if we leave out Content-Length, would it cause any issue in the future? – Nam Nguyen Sep 09 '13 at 08:10
  • This is a very bad idea, because it will catch *all* unhandled exceptions which could leave your app running in an undefined state. When an unexpected error happens, you should always shut down the process so your service has the chance to repair itself. – Eric Elliott Sep 12 '13 at 18:28
  • 1
    Also, this is not Node's issue. It's a connect issue. – Eric Elliott Sep 12 '13 at 18:28
  • they said "not issue of either connect or express", it's node issue. I believe it's connect issue because it's so obvious that it's on connect module that throw errors. I agree with you @EricElliott – Nam Nguyen Sep 12 '13 at 18:33
  • For community info in case if anyone want to see, this is the issue that i files on Connect and **HOPE** Connect team will have a second look and fix the issue: https://github.com/senchalabs/connect/issues/889 – Nam Nguyen Sep 12 '13 at 19:03
  • @NamNguyen any ideas how i can get the length of a filestream? I was using stats of the file but for some reason it's not working anymore and i get the mentioned error.. – Captain Obvious May 05 '14 at 20:17
1

The problem is that if you don't handle this error and keep the server alive, this remote crash exploit could be used for a DOS attack. However, you can handle it and continue on, and still shut down the process when unhandled exceptions occur (which prevents you from running in undefined state -- a very bad thing).

The connect module handles the error and calls next(), sending back an object with the message body and status = 400. In your server code, you can add this after express.bodyParser():

var exit = function exit() {
  setTimeout(function () {
    process.exit(1);
  }, 0);
};

app.use(function (error, req, res, next) {
  if (error.status === 400) {
    log.info(error.body);
    return res.send(400);
  }

  log.error(error);
  exit();
});
Eric Elliott
  • 4,711
  • 1
  • 25
  • 33
  • 1
    I will copy your solution @Eric Elliot, ;) – Nam Nguyen Sep 12 '13 at 22:45
  • 1
    Elliot, I believe you will update your solution since this error handler function will only be called when there is an error. So if (error) statement will always be true. Any thought? – Nam Nguyen Sep 13 '13 at 17:46