- Use assert to check mode in the Zlib constructor since it should
only be passed by us.
- Introduce checkRangesOrGetDefault() and checkFiniteNumber()
to simplify type and range checking for numeric arguments
- Instead of `ERR_INVALID_OPT_VALUE`, throw `ERR_OUT_OF_RANGE` and
`ERR_INVALID_ARG_TYPE` with descriptions of the expected ranges
or types to make the errors more user-friendly.
- Add message tests for the changed errors
PR-URL: https://github.com/nodejs/node/pull/18675
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
On 4 April 2017, Node.js versions v4.8.2 and v6.10.2 were
released. These versions bumped the vendored zlib library from
v1.2.8 to v1.2.11 in response to what it describes as low-severity
CVEs. In zlib v1.2.9, a change was made that causes an error to be
raised when a raw deflate stream is initialised with windowBits set
to 8.
In zlib v1.2.9, 8 become an invalid value for this parameter, and Node's zlib
module will crash if you call this:
```
zlib.createDeflateRaw({windowBits: 8})
```
On some versions this crashes Node and you cannot recover from it, while on some
versions it throws an exception. The permessage-deflate library up to
version v0.1.5 does make such a call with no try/catch
This commit reverts to the original behavior of zlib by gracefully changed
windowBits: 8 to windowBits: 9 for raw deflate streams.
Original-PR-URL: https://github.com/nodejs-private/node-private/pull/95
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/16511
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
We are currenly builing Node with --shared-zlib which happens to be
version 1.2.8. The test for zlib.createDeflateRaw is expected to fail
but does not when using version 1.2.8.
As far as I can tell the fix referred to in the comments was
introduced in version 1.2.9:
- Reject a window size of 256 bytes if not using the zlib wrapper
This commit suggests adding a check for the version and skipping this
assert if the version is less than 1.2.9.
Refs: http://zlib.net/ChangeLog.txt
PR-URL: https://github.com/nodejs/node/pull/13697
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
This commit fixes the Node process crashing when constructors of classes
of the zlib module are given invalid options.
* Throw an Error when the zlib library rejects the value of windowBits,
instead of crashing with an assertion.
* Treat windowBits and memLevel options consistently with other ones and
don't crash when non-numeric values are given.
* Fix bugs in the validation logic:
- Don't conflate 0 and undefined when checking if a field of an
options object exists.
- Treat NaN and Infinity values the same way as values of invalid
types instead of allowing to actually set zlib options to NaN or
Infinity.
PR-URL: https://github.com/nodejs/node/pull/13098
Fixes: https://github.com/nodejs/node/issues/13082
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
