node/test/parallel/test-process-dlopen-error-message-crash.js
Tobias Nießen fcd31c5110
src: fix multiple format string bugs
The THROW_ERR_* functions interpret the first argument as a printf-like
format string, which is problematic when it contains unsanitized user
input. This typically happens when a printf-like function is used to
produce the error message, which is then passed to a THROW_ERR_*
function, which again interprets the error message as a format string.

Fix such occurrences by properly formatting error messages using static
format strings only, and in a single step.

PR-URL: https://github.com/nodejs/node/pull/44314
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Zeyu "Alex" Yang <himself65@outlook.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2022-08-22 22:03:36 +00:00


'use strict';
// This is a regression test for some scenarios in which node would pass
// unsanitized user input to a printf-like formatting function when dlopen
// fails, potentially crashing the process.
//
// Every path handed to process.dlopen() in this file embeds a literal `%s`.
// The path ends up inside the error message, so if that message were ever
// treated as a format string the specifier would be interpreted instead of
// being printed. The assertions therefore require `%s` to survive verbatim.
const common = require('../common');
const tmpdir = require('../common/tmpdir');
// Prepare the test temp directory; tmpdir.path is used further down as the
// destination for a copied addon binary.
tmpdir.refresh();
const assert = require('assert');
const fs = require('fs');
// Case 1: a path that is not expected to exist. The load must fail with a
// regular ERR_DLOPEN_FAILED error whose message still contains the literal
// `%s`, i.e. the path was never re-interpreted as a printf-like format string.
assert.throws(
  () => process.dlopen({ exports: {} }, 'foo-%s.node'),
  (err) => {
    assert.strictEqual(err.name, 'Error');
    assert.strictEqual(err.code, 'ERR_DLOPEN_FAILED');
    // NOTE(review): the message check is skipped on AIX; presumably the
    // loader's error text there does not include the file name - confirm.
    if (common.isAIX) {
      return true;
    }
    assert.match(err.message, /foo-%s\.node/);
    return true;
  },
);
// Source addon (built separately) and the destination it is copied to. The
// destination name carries the `%s` specifier that the second check relies on.
const addonDir = 'test/addons/not-a-binding';
const addonBinary = `${addonDir}/build/Release/binding.node`;
const strangeBindingPath = `${tmpdir.path}/binding-%s.node`;

// The addon directory itself must exist (accessSync throws otherwise). A
// missing compiled binary only means the addon was not built, in which case
// the rest of the test is skipped instead of failing.
fs.accessSync(addonDir);
try {
  fs.copyFileSync(addonBinary, strangeBindingPath);
} catch (err) {
  if (err.code === 'ENOENT') {
    common.skip(`addon not found: ${addonBinary}`);
  } else {
    // Any other copy failure is unexpected and should surface as a test error.
    throw err;
  }
}
// Case 2: a second error message that embeds the path. Loading the copied
// file is expected to fail with the self-registration error, and the anchored
// pattern requires the quoted path to end in the literal `binding-%s.node`,
// so this message must not have gone through a printf-like function either.
const selfRegisterFailure = {
  name: 'Error',
  code: 'ERR_DLOPEN_FAILED',
  message: /^Module did not self-register: '.*binding-%s\.node'\.$/,
};
assert.throws(
  () => process.dlopen({ exports: {} }, strangeBindingPath),
  selfRegisterFailure,
);