This makes sure that no uninitialized bytes are leaked when the specified
`totalLength` input value is greater than the actual total length of the
specified buffers array, e.g. in Buffer.concat([Buffer.alloc(0)], 100).
PR-URL: https://github.com/nodejs/node-private/pull/64
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Previously, the reason argument passed to ServerResponse#writeHead was
not being properly validated. One could pass CRLFs which could lead to
http response splitting. This commit changes the behavior to throw an
error in the event any invalid characters are included in the reason.
CVE-2016-5325
PR-URL: https://github.com/nodejs/node-private/pull/60
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
- this shares the iterator variable `i` expictly.
- this converts some var to const.
PR-URL: https://github.com/nodejs/node/pull/8781
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
V8 5.4 changed the way that the default constructor of derived classes
is called. It introduced a significant performance regression in the
buffer module for the creation of pooled buffers. This commit forces the
definition back to how it was implicitly before.
Ref: https://bugs.chromium.org/p/v8/issues/detail?id=4890
PR-URL: https://github.com/nodejs/node/pull/8754
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Johan Bergström <bugs@bergstroem.nu>
This allows passing the socket connection timeout to http#request
such that it will be set before the socket is connecting
PR-URL: https://github.com/nodejs/node/pull/8101
Fixes: https://github.com/nodejs/node/issues/7580
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Emits 'stop' event for fs.watchFile on process.nextTick
to fix 'maximum call stack size exceeded' error when
`stop` is called synchronously after listener is attached.
PR-URL: https://github.com/nodejs/node/pull/8524
Fixes: https://github.com/nodejs/node/issues/8421
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
The `path.resolve()` function when given just a drive letter such as
"C:" tries to get a drive-specific CWD, but that isn't available in
cases when the process is not launched via cmd.exe and the process
CWD has not been explicitly set on that drive.
This change adds a fallback to the process CWD, if the process CWD
happens to be on the resolved drive letter. If the process CWD is on
another drive, then a drive-specific CWD cannot be resolved and
defaults to the drive's root as before.
Based on experimentation, the fixed behavior matches that of other
similar path resolution implementations on Windows I checked: .NET's
`System.IO.Path.GetFullPath()` and Python's `os.path.abspath()`.
In the automated path test cases the issue doesn't occur when the
tests are run normally from cmd.exe. But it did cause an assertion
when running the tests from PowerShell, that is fixed by this change.
PR-URL: https://github.com/nodejs/node/pull/8541
Fixes: https://github.com/nodejs/node/issues/7215
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
The regex used in `dns.setServers()` to match IPv6 addresses in square
brackets uses a capturing group for the port but this info is not
needed.
This commit replaces the capturing group with a non capturing one.
PR-URL: https://github.com/nodejs/node/pull/8665
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
PR-URL: https://github.com/nodejs/node/pull/8619
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
If calling `https.request()` with `options.headers.host` defined
and `options.servername` undefined, `https.Agent.createSocket` mutates
connection `options` after `https.Agent.addRequest` has created empty
socket pool array with mismatching connection name. This results in two
socket pool arrays being created and only the last one gets eventually
deleted by `removeSocket` - causing a memory leak.
This commit fixes the leak by making sure that `addRequest` does the
same modifications to `options` object as the `createSocket`.
`createSocket` is intentionally left unmodified to prevent userland
regressions.
Test case included.
PR-URL: https://github.com/nodejs/node/pull/8647
Fixes: https://github.com/nodejs/node/issues/6687
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Jackson Tian <shvyo1987@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
This commit adds better handling of exceptional array formats
passed to dns.setServers(). Prior to this commit, the input
array was validated using map(), which preserves holes, allowing
them to be passed to c-ares, crashing Node. This commit replaces
map() with forEach(), which skips holes.
Fixes: https://github.com/nodejs/node/issues/8538
PR-URL: https://github.com/nodejs/node/pull/8567
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/8620
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jackson Tian <shvyo1987@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
An upcoming custom lint rule will provide slightly more strict
enforcement of argument alignment for multiline function calls. Adjust
existing code to conform.
PR-URL: https://github.com/nodejs/node/pull/8642
Reviewed-By: Teddy Katz <teddy.katz@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Because any call to util.inspect() with an object results in
inspectPromise() being called, Debug was being initialized even when
it's not needed. Instead, the initialization is placed after the
isPromise check.
PR-URL: https://github.com/nodejs/node/pull/8452
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Evan Lucas <evanlucas@me.com>
When the result of a path.relative() is an absolute UNC path, it should
include the leading backslashes.
Fixes: https://github.com/nodejs/node/issues/8444
PR-URL: https://github.com/nodejs/node/pull/8523
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
In Buffer.prototype.compare, the first check makes sure that target is
an instance of Buffer. The value cannot be falsy after that so we can
safely get its length.
PR-URL: https://github.com/nodejs/node/pull/8552
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/8514
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
- Added dots to printed commands.
- Use spaces instead of tabs so there's no misalignment on terminals
with a tab size other than 4.
- Improved the help text for .editor and .help.
- Automatically indent command help based on the longest command.
PR-URL: https://github.com/nodejs/node/pull/8519
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
`/bin/sh -c` trick wasn't working for several reasons:
* `/bin/sh -c "..."` expects the first argument after `"..."` to be a
`$0`, not a `$1`. Previously `-n` wasn't passed to `nm` because of
this, and many symbols were ordered improperly
* `c++filt` was applied not only to the names of the functions but to
their `nm` prefixes like `t` and `a` (`t xxx` turns into
`unsigned char xxx`).
Instead of applying `c++filt` wide and using `sh -c`, execute `nm` as
requested by `deps/v8/tools/tickprocessor.js` and apply `c++filt` to all
matching entries manually.
Included test demonstrates where previous approach failed: all builtins
were merged into `v8::internal::Builtins::~Builtins`, because they were
prefixed by `t` in `nm` output.
PR-URL: https://github.com/nodejs/node/pull/8480
Reviewed-By: Matthew Loring <mattloring@google.com>
ESLint 3.5.0 introduces a `no-restricted-properties` rule. Replace our
custom `no-deepEqual` rule with this rule.
PR-URL: https://github.com/nodejs/node/pull/8478
Reviewed-By: James M Snell <jasnell@gmail.com>
This PR simplifies Server.prototype.listen, removing some redundancy and
inconsistency. Because listen and connect have a similar function signature,
normalizeConnectArgs can be reused for listen.
listenAfterLookup renamed to lookupAndListen for consistency with
lookupAndConnect, and moved out of Server.prototype.listen.
PR-URL: https://github.com/nodejs/node/pull/4039
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Glen Keane <glenkeane.94@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fixes an error where a loop, used to traverse an array of length `n`,
ran `n + 1` times instead of `n`.
PR-URL: https://github.com/nodejs/node/pull/8420
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This commit fixes detection of ArrayBuffers from different V8 contexts.
This is especially a problem for environments like nw.js where the
node and browser V8 contexts are not shared.
PR-URL: https://github.com/nodejs/node/pull/8453
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Under Windows system can be configured to execute a specific command
each time a shell is spawned. Under some conditions this breaks the
way node handles shell scripts under windows.
This commit adds /d switch to spawn and spawnSync which disables this
AutoRun functionality.
Fixes: https://github.com/nodejs/node-v0.x-archive/issues/25458
PR-URL: https://github.com/nodejs/node/pull/8063
Reviewed-By: João Reis <reis@janeasystems.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Josh Gavant <josh.gavant@outlook.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
If the Buffer object's length is zero, or equal to the underlying
buffer object's length, `parent` property returns `undefined`.
> new Buffer(0).parent
undefined
> new Buffer(Buffer.poolSize).parent
undefined
This patch makes the buffer objects to consistently expose the buffer
object via the `parent` property, always.
Fixes: https://github.com/nodejs/node/issues/8266
PR-URL: https://github.com/nodejs/node/pull/8311
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
- Enforces strict comparisons in dgram - bindState should
always be strictly equal to one of the defined constant states,
and newHandle type is a string.
- Check that the argument `type` in createSocket is not null
when it is of type 'object', before using its `type` property.
- Adds a test to check dgram.createSocket is properly
validating its `type` argument.
PR-URL: https://github.com/nodejs/node/pull/8011
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Jackson Tian <shvyo1987@gmail.com>
Emit two line events when there is a delay between
CR('\r') and LF('\n').
Introduced a new option `crlfDelay`. If the delay between \r and \n
exceeds `crlfDelay` milliseconds, both \r and \n will be treated as
separate end-of-line input. Default to 100 milliseconds.
`crlfDelay` will be coerced to [100, 2000] range.
PR-URL: https://github.com/nodejs/node/pull/8109
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reading the comment at the top of the vm.js, I think that
ContextifyScript should perhaps just be Script.
PR-URL: https://github.com/nodejs/node/pull/8415
Reviewed-By: Prince John Wesley <princejohnwesley@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franzih@chromium.org>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reinstate crypto.timingSafeEqual() which was reverted due to test
issues. The flaky test issues are resolved in this new changeset.
PR-URL: https://github.com/nodejs/node/pull/8304
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Normalize the encoding in getDecoder() before using it. Fixes an
AssertionError: "Cannot change encoding" when encoding is "ucs2",
"ucs-2" or "utf-16le"
Fixes: https://github.com/nodejs/node/issues/8236
PR-URL: https://github.com/nodejs/node/pull/8301
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Use process.emitWarning() instead of the internal printDeprecationMessage
in order to avoid use of an internal only API.
PR-URL: https://github.com/nodejs/node/pull/8166
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
The process.emitWarning() API should be used for printing
deprecation warning messages rather than directly using the
internal/util#printDeprecationMessage
PR-URL: https://github.com/nodejs/node/pull/8166
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Myles Borins <myles.borins@gmail.com>
Move the implementation of SyncWriteStream to internal/fs.
PR-URL: https://github.com/nodejs/node/pull/6749
Reviewed-By: Ron Korving <ron@ronkorving.nl>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
This makes the famous `EventEmitter memory leak` warnings occurring
when the listener count for a given event exceeds a specified number
more programatically accessible, by giving them properties referring
to the event emitter instance and the event itself.
This can be useful for debugging the origins of such a warning when
the stack itself doesn’t reveal enough information about the event
emitter instance itself, e.g. when manual inspection of the
already-registered listeners is expected to be useful.
PR-URL: https://github.com/nodejs/node/pull/8298
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jeremiah Senkpiel <Fishrock123@rocketmail.com>
PR-URL: https://github.com/nodejs/node/pull/8104
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>