On POSIX platforms, check that the uid and gid match the euid and egid
respectively before looking up the environment variable.
Before this commit, an i18n-enabled suid node would cheerfully load
attacker-controlled ICU data through the NODE_ICU_DATA environment
variable.
This commit is not a complete fix. For example, it's up for debate
what to do with the NODE_CHANNEL_FD environment variable.
PR-URL: https://github.com/node-forward/node/pull/18
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Mechanically replace assert() statements with UNREACHABLE(), CHECK(),
or CHECK_{EQ,NE,LT,GT,LE,GE}() statements.
The exceptions are src/node.h and src/node_object_wrap.h because they
are public headers.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
API callback functions don't need to create a v8::HandleScope instance
because V8 already creates one in the JS->C++ adapter frame.
PR-URL: https://github.com/node-forward/node/pull/16
Reviewed-By: Fedor Indutny <fedor@indutny.com>
vcbuild.bat is calling vcvars.bat, which doesn't detect if the environment
has already been set. This causes repeated entries to be added to the PATH,
which after a few invocations will lead to an error:
The input line is too long.
Update the list of root certificates in src/node_root_certs.h with
tools/mk-ca-bundle.pl.
PR-URL: https://github.com/node-forward/node/pull/7
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
Update following macros:
* NODE_NET_SOCKET_{READ,WRITE}() - they both take 4 arguments,
not 2
* NODE_COUNT_GC_PERCENTTIME() - it takes a single argument.
Use INT_PTR instead of INT32 in pointer casts in win32_etw provider.
PR-URL: https://github.com/joyent/node/pull/8294
Reviewed-By: Fedor Indutny <fedor@indutny.com>
You cannot spawn 'dir' on Windows because it's not an executable. Also,
some people might have 'ls' on their path on Windows, so I changed
invalidCmd to something that's highly unlikely to exist.
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Previously crypto.createDiffieHellman() would fail silently when a bad
argument was passed for prime/prime_length. Now throws TypeError.
Fixes: https://github.com/joyent/node/issues/8480
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
The cluster children are hitting breakpoint at `cluster.onread` and
hanging on a Semaphore wait now. This prevents them from disconnecting
gracefully. Considering that the test is checking different thing, the
cluster children needs to be force killed from the grand parent process.
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Because of behavior change of some V8 APIs (they mostly became more
strict), following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Do not send signal to children if they are already in debug mode.
Node.js on Windows does not register signal handler, and thus calling
`process._debugProcess()` will throw an error.
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
The cluster children are hitting breakpoint at `cluster.onread` and
hanging on a Semaphore wait now. This prevents them from disconnecting
gracefully. Considering that the test is checking different thing, the
cluster children needs to be force killed from the grand parent process.
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Because of behavior change of some V8 APIs (they mostly became more
strict), following modules needed to be fixed:
* crypto: duplicate prototype methods are not allowed anymore
* contextify: some TryCatch trickery, the binding was using it
incorrectly
* util: maximum call stack error is now crashing in a different place
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Do not send signal to children if they are already in debug mode.
Node.js on Windows does not register signal handler, and thus calling
`process._debugProcess()` will throw an error.
Reviewed-By: Trevor Norris <trevnorris@gmail.com>
PR-URL: https://github.com/joyent/node/pull/8476
Do not call SSL_read() and ignore ZERO_RETURN if the connection was
shutdown and there could not be any reads.
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/joyent/node/pull/8519
* Add official documentation that a Buffer instance is a viable
argument when instantiating a new Buffer.
* Properly set the poolOffset when a buffer needs to be truncated.
* Add comments clarifying specific peculiar coding choices.
* Remove a level of unnecessary indentation.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
Windows doesn't resolve ".." the way we expect it for symlinks and
junctions.
PR-URL: https://github.com/joyent/node/pull/8489
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Fedor Indutny <fedor@indutny.com>
The constants in enum v8::ExternalArrayType have been changed. The old
values are there for legacy reasons, but it's best to update anyway.
Signed-off-by: Trevor Norris <trev.norris@gmail.com>
The docs for readLine.pause are misleading. I seriously spent hours on this. If
it isn't a bug, at least it should be well documented.
Someone else stumbled on this too:
http://stackoverflow.com/questions/21341050/pausing-readline-in-node-js
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
Associates link to dns.lookup() with proper URL.
Fixes: https://github.com/joyent/node/issues/8018
Reviewed-by: Trevor Norris <trev.norris@gmail.com>
Reviewed-by: Chris Dickinson <christopher.s.dickinson@gmail.com>
Ben Noordhuis
Refael Ackermann
Fedor Indutny
Alexis Campailla
Brian White
Ray Donnelly
Julien Gilli
Wang Xinyong
Stiliyan Lazarov
Trevor Norris
Steve Mao
Johnny Ray
Steven R. Loomis
Evan Rutledge Borden
Victor Widell
Steve Sharp