jiangcuo/node - node - Gitea: Git with a cup of tea

jiangcuo/node

Fork 0

mirror of https://github.com/nodejs/node.git synced 2025-05-07 12:03:30 +00:00

Commit Graph

Author SHA1 Message Date

Author	SHA1	Message	Date
Anna Henningsen	3217e8e66f	src: re-add `Realloc()` shrink after reading stream data This would otherwise keep a lot of unused memory lying around, and in particular add up to a page per chunk of memory overhead for network reads, potentially opening a DoS vector if the resulting `Buffer` objects are kept around indefinitely (e.g. stored in a list and not concatenated until the socket finishes). This fixes CVE-2018-7164. Refs: https://github.com/nodejs-private/security/issues/186 Refs: `7c4b09b24b` PR-URL: https://github.com/nodejs-private/node-private/pull/128 Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Evan Lucas <evanlucas@me.com>	2018-06-12 20:46:15 -04:00

Anna Henningsen

3217e8e66f

src: re-add Realloc() shrink after reading stream data

This would otherwise keep a lot of unused memory lying around,
and in particular add up to a page per chunk of memory overhead
for network reads, potentially opening a DoS vector if the resulting
`Buffer` objects are kept around indefinitely (e.g. stored in a list
and not concatenated until the socket finishes).

This fixes CVE-2018-7164.

Refs: https://github.com/nodejs-private/security/issues/186
Refs: 7c4b09b24b
PR-URL: https://github.com/nodejs-private/node-private/pull/128
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>

2018-06-12 20:46:15 -04:00

1 Commits