From 070b617eb067bba6faa37a26b9abda8548d7a4ea Mon Sep 17 00:00:00 2001
From: Brian White <mscdex@mscdex.net>
Date: Mon, 28 Dec 2015 18:41:34 -0500
Subject: [PATCH] http: fix non-string header value concatenation

Since headers are stored in an empty literal object ({}) instead
of an object created with Object.create(null), care must be taken
with property names inherited from Object. Currently there are
only functions inherited, so we can safely check for existing
strings instead.

Fixes: https://github.com/nodejs/node/issues/4456
---
 lib/_http_incoming.js                          | 2 +-
 test/parallel/test-http-server-multiheaders.js | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/_http_incoming.js b/lib/_http_incoming.js
index 5377c84d5d3c7e..581f62f129f120 100644
--- a/lib/_http_incoming.js
+++ b/lib/_http_incoming.js
@@ -165,7 +165,7 @@ IncomingMessage.prototype._addHeaderLine = function(field, value, dest) {
 
     default:
       // make comma-separated list
-      if (dest[field] !== undefined) {
+      if (typeof dest[field] === 'string') {
         dest[field] += ', ' + value;
       } else {
         dest[field] = value;
diff --git a/test/parallel/test-http-server-multiheaders.js b/test/parallel/test-http-server-multiheaders.js
index 7033ef8e7079f2..99d72988479928 100644
--- a/test/parallel/test-http-server-multiheaders.js
+++ b/test/parallel/test-http-server-multiheaders.js
@@ -16,6 +16,7 @@ var srv = http.createServer(function(req, res) {
   assert.equal(req.headers['x-bar'], 'banjo, bango');
   assert.equal(req.headers['sec-websocket-protocol'], 'chat, share');
   assert.equal(req.headers['sec-websocket-extensions'], 'foo; 1, bar; 2, baz');
+  assert.equal(req.headers['constructor'], 'foo, bar, baz');
 
   res.writeHead(200, {'Content-Type' : 'text/plain'});
   res.end('EOF');
@@ -48,7 +49,10 @@ srv.listen(common.PORT, function() {
       ['sec-websocket-protocol', 'share'],
       ['sec-websocket-extensions', 'foo; 1'],
       ['sec-websocket-extensions', 'bar; 2'],
-      ['sec-websocket-extensions', 'baz']
+      ['sec-websocket-extensions', 'baz'],
+      ['constructor', 'foo'],
+      ['constructor', 'bar'],
+      ['constructor', 'baz'],
     ]
   });
 });