src: fix multiple format string bugs

The THROW_ERR_* functions interpret the first argument as a printf-like format string, which is problematic when it contains unsanitized user input. This typically happens when a printf-like function is used to produce the error message, which is then passed to a THROW_ERR_* function, which again interprets the error message as a format string. Fix such occurrences by properly formatting error messages using static format strings only, and in a single step. PR-URL: https://github.com/nodejs/node/pull/44314 Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
author: Tobias Nießen <tniessen@tnie.de> 2022-08-23 01:03:36 +0300
committer: GitHub <noreply@github.com> 2022-08-23 01:03:36 +0300
commit: fcd31c5110d510fe2fe94a93eb3eff77ab4b4e43 (patch)
tree: 811e52bd3c1a1ab2cf9c0b6309f322b455706ab5 /src/node_binding.cc
parent: a5671e266241b059565a7575683ff1445c0dc6fa (diff)
1 files changed, 18 insertions, 29 deletions
diff --git a/src/node_binding.cc b/src/node_binding.cc
index 60eca5c9fa5..fa67a45386e 100644
--- a/src/node_binding.cc
+++ b/src/node_binding.cc
@@ -459,7 +459,7 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
       // Windows needs to add the filename into the error message
       errmsg += *filename;
 #endif  // _WIN32
-      THROW_ERR_DLOPEN_FAILED(env, errmsg.c_str());
+      THROW_ERR_DLOPEN_FAILED(env, "%s", errmsg.c_str());
       return false;
     }
 
@@ -484,12 +484,8 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
         mp = dlib->GetSavedModuleFromGlobalHandleMap();
         if (mp == nullptr || mp->nm_context_register_func == nullptr) {
           dlib->Close();
-          char errmsg[1024];
-          snprintf(errmsg,
-                   sizeof(errmsg),
-                   "Module did not self-register: '%s'.",
-                   *filename);
-          THROW_ERR_DLOPEN_FAILED(env, errmsg);
+          THROW_ERR_DLOPEN_FAILED(
+              env, "Module did not self-register: '%s'.", *filename);
           return false;
         }
       }
@@ -504,23 +500,22 @@ void DLOpen(const FunctionCallbackInfo<Value>& args) {
         callback(exports, module, context);
         return true;
       }
-      char errmsg[1024];
-      snprintf(errmsg,
-               sizeof(errmsg),
-               "The module '%s'"
-               "\nwas compiled against a different Node.js version using"
-               "\nNODE_MODULE_VERSION %d. This version of Node.js requires"
-               "\nNODE_MODULE_VERSION %d. Please try re-compiling or "
-               "re-installing\nthe module (for instance, using `npm rebuild` "
-               "or `npm install`).",
-               *filename,
-               mp->nm_version,
-               NODE_MODULE_VERSION);
 
+      const int actual_nm_version = mp->nm_version;
       // NOTE: `mp` is allocated inside of the shared library's memory, calling
       // `dlclose` will deallocate it
       dlib->Close();
-      THROW_ERR_DLOPEN_FAILED(env, errmsg);
+      THROW_ERR_DLOPEN_FAILED(
+          env,
+          "The module '%s'"
+          "\nwas compiled against a different Node.js version using"
+          "\nNODE_MODULE_VERSION %d. This version of Node.js requires"
+          "\nNODE_MODULE_VERSION %d. Please try re-compiling or "
+          "re-installing\nthe module (for instance, using `npm rebuild` "
+          "or `npm install`).",
+          *filename,
+          actual_nm_version,
+          NODE_MODULE_VERSION);
       return false;
     }
     CHECK_EQ(mp->nm_flags & NM_F_BUILTIN, 0);
@@ -600,9 +595,7 @@ void GetInternalBinding(const FunctionCallbackInfo<Value>& args) {
                     builtins::BuiltinLoader::GetConfigString(env->isolate()))
               .FromJust());
   } else {
-    char errmsg[1024];
-    snprintf(errmsg, sizeof(errmsg), "No such module: %s", *module_v);
-    return THROW_ERR_INVALID_MODULE(env, errmsg);
+    return THROW_ERR_INVALID_MODULE(env, "No such module: %s", *module_v);
   }
 
   args.GetReturnValue().Set(exports);
@@ -632,12 +625,8 @@ void GetLinkedBinding(const FunctionCallbackInfo<Value>& args) {
     mod = FindModule(modlist_linked, name, NM_F_LINKED);
 
   if (mod == nullptr) {
-    char errmsg[1024];
-    snprintf(errmsg,
-             sizeof(errmsg),
-             "No such module was linked: %s",
-             *module_name_v);
-    return THROW_ERR_INVALID_MODULE(env, errmsg);
+    return THROW_ERR_INVALID_MODULE(
+        env, "No such module was linked: %s", *module_name_v);
   }
 
   Local<Object> module = Object::New(env->isolate());
author	Tobias Nießen <tniessen@tnie.de>	2022-08-23 01:03:36 +0300
committer	GitHub <noreply@github.com>	2022-08-23 01:03:36 +0300
commit	fcd31c5110d510fe2fe94a93eb3eff77ab4b4e43 (patch)
tree	811e52bd3c1a1ab2cf9c0b6309f322b455706ab5 /src/node_binding.cc
parent	a5671e266241b059565a7575683ff1445c0dc6fa (diff)