node/lib/internal
Tobias Nießen 499533f72a crypto: fix handling of malicious getters (scrypt)
It is possible to bypass parameter validation in crypto.scrypt and
crypto.scryptSync by crafting option objects with malicious getters as
demonstrated in the regression test. After bypassing validation, any
value can be passed to the C++ layer, causing an assertion to crash
the process.

Fixes: https://github.com/nodejs/node/issues/28836

PR-URL: https://github.com/nodejs/node/pull/28838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-07-26 10:19:28 -07:00
assert assert: avoid potentially misleading reference to object identity 2019-07-25 22:36:29 -07:00
bootstrap policy: add policy-integrity to mitigate policy tampering 2019-07-20 13:24:58 -07:00
cluster lib: correct error.errno to always be numeric 2019-06-17 10:18:09 +08:00
console console: fix table() output 2019-05-30 08:44:34 +02:00
crypto crypto: fix handling of malicious getters (scrypt) 2019-07-26 10:19:28 -07:00
dns dns: refactor internal/dns/promises.js 2019-04-16 16:19:14 -07:00
fs fs: document the Date conversion in Stats objects 2019-06-17 11:54:34 +02:00
http2 http2: compat req.complete 2019-07-20 22:04:17 -07:00
main doc: add line for inspect host:port invocation 2019-07-11 20:40:08 -07:00
modules module: implement "exports" proposal for CommonJS 2019-07-23 16:11:20 -07:00
per_context bootstrap: delay the instantiation of maps in per-context scripts 2019-04-26 07:23:42 +02:00
policy lib: use safe methods from primordials 2019-04-08 11:23:09 +02:00
process report: modify getReport() to return an Object 2019-07-12 14:48:09 -07:00
readline lib: rename lib/internal/readline.js 2019-07-20 11:56:53 -07:00
repl deps: update acorn to 6.2.0 2019-07-15 00:04:50 +02:00
streams stream: add null push transform in async_iterator 2019-07-20 22:32:08 -07:00
test src: replace heap_utils.createHeapSnapshot with v8.getHeapSnapshot 2019-03-19 01:04:51 +08:00
util process: split routines used to enhance fatal exception stack traces 2019-06-27 20:22:08 +08:00
vm module: initialize module_wrap.callbackMap during pre-execution 2019-04-25 12:11:10 +08:00
worker worker: only unref port for stdin if we ref’ed it before 2019-06-20 11:27:27 -06:00
assert.js lib: throw a special error in internal/assert 2019-04-25 01:29:48 +02:00
async_hooks.js async_hooks: only disable promise hook if wanted 2019-05-13 12:47:45 +02:00
buffer.js tools: update eslint 2019-06-27 11:57:19 +02:00
child_process.js child_process: runtime deprecate _channel 2019-05-31 11:13:25 -04:00
cli_table.js lib: use safe methods from primordials 2019-04-08 11:23:09 +02:00
constants.js os: lazy loaded 2018-05-18 15:25:41 +02:00
dgram.js src: move guessHandleType in the util binding 2019-04-20 13:25:41 +08:00
dtrace.js lib: move DTRACE_* probes out of global scope 2019-03-12 14:19:36 +00:00
encoding.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
error-serdes.js lib: use safe methods from primordials 2019-04-08 11:23:09 +02:00
errors.js module: implement "exports" proposal for CommonJS 2019-07-23 16:11:20 -07:00
fixed_queue.js lib: expose FixedQueue internally and fix nextTick bug 2018-05-06 07:21:32 +02:00
freelist.js lib: faster FreeList 2019-04-11 05:40:59 +02:00
freeze_intrinsics.js bootstrap: --frozen-intrinsics override problem workaround 2019-06-22 23:17:44 +02:00
http.js perf_hooks: add HttpRequest statistics monitoring #28445 2019-07-12 00:36:27 +02:00
idna.js lib: convert legacy process.binding to internalBinding 2019-02-18 07:21:48 +01:00
inspector_async_hook.js process: register the inspector async hooks in bootstrap/node.js 2019-01-16 16:19:22 +08:00
js_stream_socket.js stream: use readableObjectMode public api for js stream 2019-05-19 23:37:51 +02:00
linkedlist.js linkedlist: correct grammar in comments 2017-07-31 08:03:19 +08:00
net.js lib: correct error.errno to always be numeric 2019-06-17 10:18:09 +08:00
options.js src: cache the result of GetOptions() in JS land 2018-11-07 20:40:38 -08:00
priority_queue.js timers: fix priority queue removeAt 2018-11-14 20:38:00 -08:00
querystring.js lib: move encodeStr function to internal for reusable 2018-11-20 18:24:02 -08:00
readme.md doc: clarify text about internal module changes 2018-07-31 08:28:40 +03:00
repl.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
socket_list.js benchmark,lib: change var to const 2019-03-30 13:16:39 +01:00
stream_base_commons.js util: access process states lazily in debuglog 2019-04-20 00:30:38 +08:00
timers.js lib: remove Reflect.apply where appropriate 2019-04-30 08:36:55 +02:00
tls.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
trace_events_async_hooks.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
tty.js repl: fix terminal default setting 2019-03-25 16:28:07 +01:00
url.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
util.js process: split routines used to enhance fatal exception stack traces 2019-06-27 20:22:08 +08:00
v8_prof_polyfill.js v8_prof_polyfill: remove unused catch bindings 2018-11-06 10:59:04 -05:00
v8_prof_processor.js lib: force using primordials for JSON, Math and Reflect 2019-04-03 21:36:08 +08:00
validators.js lib: support min/max values in validateInteger() 2019-07-23 14:57:47 -07:00
worker.js worker: assign missing deprecation code 2019-07-03 22:13:54 +02:00

Internal Modules

The modules in lib/internal are intended for internal use in Node.js core only, and are not accessible with require() from user modules. These modules can be changed at any time. Reliance on these modules outside of core is not supported in any way.