src: minor cleanup for node_revert #14864

2 changes: 0 additions & 2 deletions node.gyp
Expand Up @@ -191,7 +191,6 @@
'src/node_main.cc',
'src/node_os.cc',
'src/node_platform.cc',
'src/node_revert.cc',
'src/node_serdes.cc',
'src/node_url.cc',
'src/node_util.cc',
Expand Down Expand Up @@ -647,7 +646,6 @@
'<(OBJ_PATH)<(OBJ_SEPARATOR)string_search.<(OBJ_SUFFIX)',
'<(OBJ_PATH)<(OBJ_SEPARATOR)stream_base.<(OBJ_SUFFIX)',
'<(OBJ_PATH)<(OBJ_SEPARATOR)node_constants.<(OBJ_SUFFIX)',
'<(OBJ_PATH)<(OBJ_SEPARATOR)node_revert.<(OBJ_SUFFIX)',
'<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)agent.<(OBJ_SUFFIX)',
'<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_buffer.<(OBJ_SUFFIX)',
'<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_writer.<(OBJ_SUFFIX)',
7 changes: 5 additions & 2 deletions src/node.cc
Expand Up @@ -184,6 +184,9 @@ static bool trace_enabled = false;
static std::string trace_enabled_categories; // NOLINT(runtime/string)
static bool abort_on_uncaught_exception = false;

// Bit flag used to track security reverts (see node_revert.h)
unsigned int reverted = 0;

#if defined(NODE_HAVE_I18N_SUPPORT)
// Path to ICU data (for i18n / Intl)
std::string icu_data_dir; // NOLINT(runtime/string)
Expand Down Expand Up @@ -3437,11 +3440,11 @@ void SetupProcessObject(Environment* env,
// --security-revert flags
#define V(code, _, __) \
do { \
if (IsReverted(REVERT_ ## code)) { \
if (IsReverted(SECURITY_REVERT_ ## code)) { \
READONLY_PROPERTY(process, "REVERT_" #code, True(env->isolate())); \
} \
} while (0);
REVERSIONS(V)
SECURITY_REVERSIONS(V)
#undef V

size_t exec_path_len = 2 * PATH_MAX;
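Review bot: In the second hunk the JS-visible property keeps the `"REVERT_" #code` name while the enumerator it tests was renamed to `SECURITY_REVERT_ ## code`, and nothing records that the mismatch is deliberate; a one-line comment such as `// "REVERT_" is the public process.REVERT_<CVE> property name; keep it even though the enum is SECURITY_REVERT_*` would stop a later cleanup from renaming the property along with the enum. In the first hunk the new definition `unsigned int reverted = 0;` has to sit in the same namespace as the `extern unsigned int reverted;` declaration in node_revert.h for the inline helpers in that header to link; the enclosing namespace is not visible in this hunk, so confirm it. `SetupProcessObject` starts and ends outside the hunk.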
1 change: 0 additions & 1 deletion src/node_config.cc
Expand Up @@ -6,7 +6,6 @@
#include "util-inl.h"
#include "node_debug_options.h"


namespace node {

using v8::Boolean;
53 changes: 0 additions & 53 deletions src/node_revert.cc

This file was deleted.

65 changes: 43 additions & 22 deletions src/node_revert.h
Expand Up @@ -6,40 +6,61 @@
#include "node.h"

/**
* Note that it is expected for this list to vary across specific LTS and
* Stable versions! Only CVE's whose fixes require *breaking* changes within
* a given LTS or Stable may be added to this list, and only with CTC
* consensus.
* Note that it is expected for this list to vary across specific LTS and
* Stable versions! Only CVE's whose fixes require *breaking* changes within
* a given LTS or Stable may be added to this list, and only with CTC
* consensus.
*
* For *master* this list should always be empty!
*
**/
#define REVERSIONS(XX)
// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

namespace node {

typedef enum {
#define V(code, _, __) REVERT_ ## code,
REVERSIONS(V)
#undef V
} reversions_t;
#define SECURITY_REVERSIONS(XX)
// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
SECURITY_REVERSIONS(V)
#undef V
};

/* A bit field for tracking the active reverts */
extern unsigned int reverted;

/* Revert the given CVE (see reversions_t enum) */
void Revert(const unsigned int cve);
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
switch (cve) {
SECURITY_REVERSIONS(V)
default:
return "Unknown";
}
#undef V
}

/* Revert the given CVE by label */
void Revert(const char* cve);
inline void Revert(const reversion cve) {
reverted |= 1 << cve;
printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

/* true if the CVE has been reverted **/
bool IsReverted(const unsigned int cve);
inline void Revert(const char* cve) {
#define V(code, label, _) \
if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
SECURITY_REVERSIONS(V)
#undef V
printf("Error: Attempt to revert an unknown CVE [%s]\n", cve);
exit(12);
}

/* true if the CVE has been reverted **/
bool IsReverted(const char * cve);
inline bool IsReverted(const reversion cve) {
return reverted & (1 << cve);
}

inline bool IsReverted(const char* cve) {
#define V(code, label, _) \
if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
SECURITY_REVERSIONS(V)
return false;
#undef V
}

} // namespace node

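Review bot: `reverted |= 1 << cve;` in `Revert(const reversion)` and `reverted & (1 << cve)` in `IsReverted(const reversion)` shift a signed `int`, so once the list grows past 31 entries the shift is undefined behaviour even though `reverted` is an `unsigned int` with 32 usable bits; use `reverted |= 1u << cve;` and `return (reverted & (1u << cve)) != 0;` so the shift is unsigned and the bool conversion explicit. A trailing sentinel enumerator after the `SECURITY_REVERSIONS(V)` expansion, checked with a `static_assert` against `sizeof(reverted) * CHAR_BIT`, would turn the 32-entry capacity of the bit field into a compile-time check instead of an unstated assumption. The bodies moved into this header now call `strcmp`, `printf` and `exit`, but the only include visible in the hunk is `node.h`; unless the lines above the hunk already include `<cstring>`, `<cstdio>` and `<cstdlib>`, the header should include them itself rather than depend on a transitive include. Since `Revert(const char*)` terminates the process on an unrecognised label, its doc comment should say so, e.g. `/* Revert the CVE with the given label; exits with status 12 if the label is unknown */`.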