Age | Commit message | Author |
|
PR-URL: https://github.com/nodejs/node/pull/44758
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Tierney Cyren <hello@bnb.im>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
|
|
This is a security release.
Notable changes:
The following CVEs are fixed in this release:
* CVE-2022-32212: DNS rebinding in --inspect on macOS (High)
* CVE-2022-32213: bypass via obs-fold mechanic (Medium)
* CVE-2022-35256: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields (Medium)
PR-URL: https://github.com/nodejs-private/node-private/pull/348
|
|
Commit dae283d96f from August 2020 introduced a call to EntropySource()
in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There
are two problems with that:
1. It does not check the return value; it assumes EntropySource() always
succeeds, but it can (and sometimes will) fail.
2. The random data returned by EntropySource() may not be
cryptographically strong and therefore not suitable as keying
material.
An example is a freshly booted system or a system without /dev/random or
getrandom(2).
EntropySource() calls out to openssl's RAND_poll() and RAND_bytes() in a
best-effort attempt to obtain random data. OpenSSL has a built-in CSPRNG
but that can fail to initialize, in which case it's possible either:
1. No random data gets written to the output buffer, i.e., the output is
unmodified, or
2. Weak random data is written. It's theoretically possible for the
output to be fully predictable because the CSPRNG starts from a
predictable state.
Replace EntropySource() and CheckEntropy() with new function CSPRNG()
that enforces checking of the return value. Abort on startup when the
entropy pool fails to initialize because that makes it too easy to
compromise the security of the process.
Refs: https://hackerone.com/bugs?report_id=1690000
Refs: https://github.com/nodejs/node/pull/35093
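The fail-closed pattern this commit message describes, as an added example that is not the Node.js CSPRNG() implementation: it assumes Linux and reads from getrandom(2) instead of OpenSSL, and `KernelRandom`, `BrokenRandom` and `GenerateSecretKey` are hypothetical names.

```cpp
#include <sys/random.h>

#include <array>
#include <cerrno>
#include <cstddef>
#include <cstdint>
#include <optional>

// Hypothetical names throughout; this is not Node.js source.
using RandomSource = bool (*)(void* buf, size_t len);
using Key = std::array<uint8_t, 32>;

// Fills buf from the kernel CSPRNG. Returns false on any failure, so the
// caller can never mistake an untouched buffer for random data.
[[nodiscard]] bool KernelRandom(void* buf, size_t len) {
  auto* p = static_cast<unsigned char*>(buf);
  while (len > 0) {
    const ssize_t n = getrandom(p, len, 0);  // blocks until the pool is seeded
    if (n < 0) {
      if (errno == EINTR) continue;  // interrupted by a signal: retry
      return false;                  // e.g. ENOSYS on a kernel without it
    }
    p += n;  // getrandom may return fewer bytes than requested
    len -= static_cast<size_t>(n);
  }
  return true;
}

// Simulates the first failure mode in the commit message: the source
// reports an error and leaves the output buffer unmodified.
[[nodiscard]] bool BrokenRandom(void*, size_t) {
  return false;
}

// Key generation that refuses to produce a key unless the source succeeded.
// Ignoring the return value here would hand out an all-zero "key".
std::optional<Key> GenerateSecretKey(RandomSource source) {
  Key key{};
  if (!source(key.data(), key.size())) return std::nullopt;
  return key;
}
```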
|
|
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/337
CVE-ID: CVE-2022-32212, CVE-2018-7160
|
|
Fix multiple instances of those uncovered while running the tests on
debug builds.
Fixes: https://github.com/nodejs/node-v8/issues/227
PR-URL: https://github.com/nodejs/node/pull/44669
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
|
|
Deprecation should reference a valid deprecation code.
PR-URL: https://github.com/nodejs/node/pull/44624
Refs: https://github.com/nodejs/node/pull/36510
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Michael Dawson <midawson@redhat.com>
|
|
The file does not use sysconf() and its use of gethostname() has been
removed, so including <unistd.h> appears to be unnecessary.
PR-URL: https://github.com/nodejs/node/pull/44668
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
Enables `--experimental-global-webcrypto` by default, and ensures that
the classic `node:crypto` core module is still available in `--eval` or
`--print` contexts.
PR-URL: https://github.com/nodejs/node/pull/42083
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
|
|
ClientHelloParser::ParseHeader(data, avail) potentially accesses data
beyond avail bytes because it trusts the client to transmit a valid
frame length. Sending an impossibly small frame length causes the TLS
server to read beyond the buffer provided by the caller.
Guard against this by calling End() on the ClientHelloParser when the
client transmits an impossibly small frame length.
The test is designed to reliably cause a segmentation fault on Linux and
Windows when the buffer overrun occurs, and to trigger a spatial safety
violation when compiled with an address sanitizer enabled or when
running under valgrind.
PR-URL: https://github.com/nodejs/node/pull/44580
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
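A simplified model of the frame-length guard this commit message describes, as an added example (not the Node.js ClientHelloParser code): `ParseResult`, `HelloInfo`, the constants and the sample records are constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical, simplified record-header parser (not Node.js source).
enum class ParseResult { kNeedMoreData, kRejected, kClientHello };

struct HelloInfo {
  size_t frame_len = 0;
  uint8_t major = 0;
  uint8_t minor = 0;
};

constexpr size_t kRecordHeaderSize = 5;  // type(1) + version(2) + length(2)
// Bytes read at fixed offsets in the body: handshake type(1) +
// handshake length(3) + client_version(2).
constexpr size_t kMinFrameLen = 6;
constexpr size_t kMaxFrameLen = 1 << 14;  // TLSPlaintext length limit

// Constructed sample records (not captured traffic).
constexpr uint8_t kTinyFrame[] = {0x16, 0x03, 0x01, 0x00, 0x00};
constexpr uint8_t kMinimalHello[] = {0x16, 0x03, 0x01, 0x00, 0x06,
                                     0x01, 0x00, 0x00, 0x02, 0x03, 0x03};

ParseResult ParseHeader(const uint8_t* data, size_t avail, HelloInfo* out) {
  if (avail < kRecordHeaderSize) return ParseResult::kNeedMoreData;
  if (data[0] != 0x16) return ParseResult::kRejected;  // not a handshake record

  // The length field is chosen by the peer; nothing about it is trusted yet.
  const size_t frame_len = (static_cast<size_t>(data[3]) << 8) | data[4];
  if (frame_len > kMaxFrameLen) return ParseResult::kRejected;

  // Without this lower bound, a declared length of 0..5 lets the
  // completeness check below pass while body[4] and body[5] lie outside
  // the caller's buffer.
  if (frame_len < kMinFrameLen) return ParseResult::kRejected;

  // Completeness is measured against the declared length, which is now
  // known to cover every fixed-offset read that follows.
  if (avail < kRecordHeaderSize + frame_len) return ParseResult::kNeedMoreData;

  const uint8_t* body = data + kRecordHeaderSize;
  if (body[0] != 0x01) return ParseResult::kRejected;  // not client_hello
  out->frame_len = frame_len;
  out->major = body[4];
  out->minor = body[5];
  return ParseResult::kClientHello;
}
```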
|
|
PR-URL: https://github.com/nodejs/node/pull/44616
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Daeyeon Jeong <daeyeon.dev@gmail.com>
|
|
This commit allows throwing an exception after creating `FSReqCallback`
Co-authored-by: Anna Henningsen <anna@addaleax.net>
PR-URL: https://github.com/nodejs/node/pull/44074
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Instead of removing the callback before generating heap snapshot
and then adding it back after the heap snapshot is generated,
just remove it once the heap snapshot limit is reached.
Otherwise, if the worker callback kicks in and sets the heap
limit to a higher value during the heap snapshot generation,
the current_heap_limit in the heap snapshot callback becomes
invalid, and we might return a heap limit lower than the current
one, resulting in OOM.
In addition add more logs and checks in Worker::NearHeapLimit()
to help us catch problems.
PR-URL: https://github.com/nodejs/node/pull/44581
Refs: https://github.com/nodejs/reliability/issues/372
Reviewed-By: theanarkh <theratliter@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
When process exits, dump v8 isolate's internal stats for performance
evaluation and debugging.
It fixed the incorrect profiling log output when running V8's builtin
PGO profiling for node.js service type application, which exits by user
pressing CTRL+C etc. keys.
PR-URL: https://github.com/nodejs/node/pull/44534
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
Workers can open their own inspector agent with `inspector.open`.
They should be able to close their own inspector agent too with
`inspector.close`.
PR-URL: https://github.com/nodejs/node/pull/44489
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
PR-URL: https://github.com/nodejs/node/pull/44488
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44520
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44420
Refs: https://github.com/nodejs/node/pull/33010
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
|
|
Each Realm tracks its own cleanup hooks and drains the hooks when it is
going to be destroyed.
Moves the implementations of the cleanup queue to its own class so that
it can be used in `node::Realm` too.
PR-URL: https://github.com/nodejs/node/pull/44379
Refs: https://github.com/nodejs/node/pull/44348
Refs: https://github.com/nodejs/node/issues/42528
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44472
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44427
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Qingyu Deng <i@ayase-lab.com>
|
|
Avoid manual memory management (i.e., calling MallocOpenSSL). This
leaves less room for memory leaks and other bugs.
PR-URL: https://github.com/nodejs/node/pull/44479
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
|
|
PR-URL: https://github.com/nodejs/node/pull/44366
Fixes: https://github.com/nodejs/node/issues/40429
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
|
|
RAND_bytes() may return 0 to indicate an error, in which case the buffer
might not have been filled with random data at all. Instead of ignoring
this case, let V8 use its own entropy source. Historically, this used to
be a weak source of entropy, but V8 now implements a proper source even
on Windows. And even if V8's own entropy source turns out to be weak, it
does not matter much: V8's PRNG itself is not cryptographically secure,
so even if it is seeded from a cryptographically secure entropy source,
it does not produce cryptographically secure random numbers.
PR-URL: https://github.com/nodejs/node/pull/44493
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Mohammed Keyvanzadeh <mohammadkeyvanzade94@gmail.com>
|
|
Despite being named onend_arg, the pointer is passed both to the
onend_cb and to the onhello_cb. Rename it to cb_arg, which matches the
name of the class field cb_arg_.
PR-URL: https://github.com/nodejs/node/pull/44500
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
|
|
We already do this in some places. This adds the digest name to
remaining uses of ERR_CRYPTO_INVALID_DIGEST except for one occurrence in
crypto_sig.cc that would require significant refactoring due to the
unusual error handling there.
PR-URL: https://github.com/nodejs/node/pull/44468
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
When a new context with a different security token is entered, or
when no context is entered, `StackTrace::CurrentStackTrace` needs to
be explicitly set with flag `kExposeFramesAcrossSecurityOrigins` to
avoid crashing.
PR-URL: https://github.com/nodejs/node/pull/44398
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
|
|
`Environment::GetCurrent` may not be available in the context of OOM.
Removes the cyclic `Environment::GetCurrent` and `env->isolate()`
calls to ensure both `isolate` and `env` are present if available.
However, this behavior is not guaranteed. As
`Environment::GetCurrent` didn't allocate new handles in the heap,
when a Context is entered it can still get the valid env pointer.
Removes the unstable assertion of the absence of env in the test.
PR-URL: https://github.com/nodejs/node/pull/44398
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
|
|
If sk_X509_new() returns NULL or if sk_X509_push() fails, return instead
of silently ignoring the error.
PR-URL: https://github.com/nodejs/node/pull/44410
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44470
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
Given that the divisor is not zero, the result of dividing unsigned
integers is an unsigned integer that is always rounded down, i.e.,
there is no need to call std::trunc(). Doing so unnecessarily yields
a floating-point number, requiring the result to be cast to an unsigned
integer again.
PR-URL: https://github.com/nodejs/node/pull/44467
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
Allow add-ons to interrupt JavaScript execution, and wake up the loop if it
is currently idle.
PR-URL: https://github.com/nodejs/node/pull/44362
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
|
|
PR-URL: https://github.com/nodejs/node/pull/44306
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44386
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
To distinguish per-context values from the node::Environment, split
those values to a new node::Realm structure and consolidate
bootstrapping methods with it.
PR-URL: https://github.com/nodejs/node/pull/44179
Refs: https://github.com/nodejs/node/issues/42528
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Derived classes' fields are already destroyed if the virtual methods are
invoked in the base class's destructor. It is not safe to call virtual
methods in base's dtor.
PR-URL: https://github.com/nodejs/node/pull/44424
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
|
|
node::base64_encode() uses ::base64_encode() when the mode is
Base64Mode::NORMAL, so base64_select_table is only ever called for
Base64Mode::URL and thus only ever returns base64_table_url, but never
base64_table.
Also move base64_table_url into base64-inl.h.
PR-URL: https://github.com/nodejs/node/pull/44425
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
|
|
oaep_label is the name of the C++ variable. Use oaepLabel instead, which
is the name of the documented option.
PR-URL: https://github.com/nodejs/node/pull/44455
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: theanarkh <theratliter@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44421
Refs: https://github.com/nodejs/node/pull/44401
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44411
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
|
|
The definitions in v8abbr.h, except for NODE_OFF_EXTSTR_DATA, were only
used for dtrace, which has been removed.
Refs: https://github.com/nodejs/node/pull/43652
PR-URL: https://github.com/nodejs/node/pull/44402
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44435
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: LiviaMedeiros <livia@cirno.name>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
|
|
The "node_http2.h" include reordering enforced by clang-format broke
Electron's Node.js upgrade on Windows. ssize_t is a part of the POSIX
standard and it's not available on Windows, so the fix for this is to
include "node.h" which typedefs it on Windows in
https://github.com/nodejs/node/blob/bb4dff783ddb3b20c67041f7ccef796c335c2407/src/node.h#L212-L220.
Refs: https://github.com/electron/electron/pull/35350#discussion_r954890551
Signed-off-by: Darshan Sen <raisinten@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/44393
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Shelley Vohr <shelley.vohr@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44416
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
PR-URL: https://github.com/nodejs/node/pull/44057
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
Context's default IsCodeGenerationFromStringsAllowed value can be
changed by v8 flag `--disallow-code-generation-from-strings`. Restore
the value at runtime when delegating the code generation validation to
`node::ModifyCodeGenerationFromStrings`.
The context's settings are serialized in the snapshot. Reset the setting
values to their default values before the serialization so that it can be
correctly re-initialized after deserialization at runtime.
PR-URL: https://github.com/nodejs/node/pull/44324
Fixes: https://github.com/nodejs/node/issues/44287
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
|
|
The previous implementation was typically compiled to a fair amount of
code even though all inputs are available at compile time.
The fact that GetOpenSSLVersion() returns a std::string and used an
uninitialized buffer with snprintf made it impossible to make
GetOpenSSLVersion() a constexpr, and compilers would typically emit code
to dynamically construct the resulting string.
The simplified implementation usually boils down to a few mov
instructions.
(Ideally, this function could be a constexpr returning a
std::string_view, but that does not have any advantage in the current
design of node::Metadata::Versions which stores versions as
std::string instances.)
Also make the function static since it is not in an anonymous namespace
and change the argument types and the return type of search() to
types that are more appropriate, semantically. (The use of snprintf
previously made this difficult.) Lastly, make the n argument of search()
optional because the simplified implementation always sets it to 0
except during recursive calls within search() itself.
PR-URL: https://github.com/nodejs/node/pull/44395
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Shelley Vohr <shelley.vohr@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>
|
|
Doesn't change much but communicates to readers that these
are compile-time conditionals.
PR-URL: https://github.com/nodejs/node/pull/44291
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Feng Yu <F3n67u@outlook.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
|
|
There is no need to explicitly branch based on num_curves or on the
return value of the second call to EC_get_builtin_curves. Remove
unnecessary branches and replace the loop with a functional transform.
PR-URL: https://github.com/nodejs/node/pull/44309
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
|
PR-URL: https://github.com/nodejs/node/pull/44367
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
|
|
Unify the implementation and perform the same OpenSSL calls regardless
of whether the key and/or salt are empty. This simplifies the code and
improves coverage.
Refs: https://github.com/nodejs/node/pull/44201
PR-URL: https://github.com/nodejs/node/pull/44272
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
|