jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-08 12:29:38 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
28,253 Commits 67 Branches 878 Tags 2.1 GiB
1a25e901b7
Commit Graph

7 Commits

Author SHA1 Message Date
Ruben Bridgewater
693401d0dd
buffer: use stricter range checks 
This validates the input to make sure the arguments do not overflow.
Before, if the input would overflow, it would cause the write to be
performt in the wrong spot / result in unexpected behavior.
Instead, just use a strict number validation.

PR-URL: https://github.com/nodejs/node/pull/27045
Fixes: https://github.com/nodejs/node/issues/27043
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
 2019-04-15 17:21:34 +02:00
Anna Henningsen
31147c4704
buffer: do not affect memory after target for utf16 write 
Do not write one character too much before shifting the whole result
to the left when using UTF16-LE, possibly overwriting already-used
memory while doing so.

Fixes: https://github.com/nodejs/node/issues/26422

PR-URL: https://github.com/nodejs/node/pull/26432
Fixes: https://github.com/nodejs/node/issues/26422
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
 2019-03-07 00:40:21 +01:00
Rod Vagg
88105c998e buffer: avoid overrun on UCS-2 string write 
CVE-2018-12115
Discovered by ChALkeR - Сковорода Никита Андреевич
Fix by Anna Henningsen

Writing to the second-to-last byte with UCS-2 encoding will cause a -1
length to be send to String::Write(), writing all of the provided Buffer
from that point and beyond.

Fixes: https://github.com/nodejs-private/security/issues/203
PR-URL: https://github.com/nodejs-private/node-private/pull/138
 2018-08-16 19:14:15 +10:00
starkwang
dbfe8c4ea2
errors,buffer: port errors to internal/errors 
PR-URL: https://github.com/nodejs/node/pull/13976
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
 2017-07-12 17:00:30 -04:00
Nataly Shrits
20b00f3a36 test: replace indexOf with includes and startsWith 
PR-URL: https://github.com/nodejs/node/pull/13852
Refs: https://github.com/nodejs/node/issues/12586
Reviewed-By: Refael Ackermann <refack@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
 2017-07-02 23:36:39 +02:00
David Cai
a710e443a2
test: complete coverage of buffer 
PR-URL: https://github.com/nodejs/node/pull/12831
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Alexey Orlenko <eaglexrlnk@gmail.com>
Reviewed-By: Yuta Hiroto <hello@about-hiroppy.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
 2017-05-07 22:20:33 +02:00
David Cai
04796ee97f test: increase coverage of buffer 
Increase coverage of lib/buffer.js.

PR-URL: https://github.com/nodejs/node/pull/12714
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
 2017-05-03 10:35:56 +08:00