If uv_interface_addresses() returns UV_ENOSYS then interfaces and count
are uninitialised. This can cause a segmentation fault inside
GetInterfaceAddresses when it tries to use the invalid interfaces[].
Fix the issue by returning from GetInterfaceAddresses on the UV_ENOSYS
error.
This issue was observed when using uCLibc-ng version 1.0.9 because
uv_interface_addresses() in deps/uv/src/unix/linux-core.c incorrectly
undefines HAVE_IFADDRS_H.
Signed-off-by: Martin Bark <martin@barkynet.com>
PR-URL: https://github.com/nodejs/node/pull/4272
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Load the certificate chain from the PFX file the same as we do it for a
regular certificate chain.
Fix: #4127
PR-URL: https://github.com/nodejs/node/pull/4165
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The Is* type checking functions in node_util.cc are mostly
the same boilerplate. This commit defines them using a macro.
Refs: https://github.com/nodejs/node/pull/4100
PR-URL: https://github.com/nodejs/node/pull/4118
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Conflicts:
src/node_util.cc
Determine object types of regular expressions, Dates, Maps, and
Sets in the C++ layer instead of depending on toString()
behavior in JavaScript.
PR-URL: https://github.com/nodejs/node/pull/4100
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Michaël Zasso <mic.besace@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Remove a hack that was introduced in commit bb6d468d from November 2010.
This is groundwork for a follow-up commit that makes it possible to use
internal modules in lib/repl.js.
PR-URL: https://github.com/nodejs/node/pull/4026
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Conflicts:
lib/module.js
This commit adds an internal util method that makes hidden
values in the C++ layer visible in JS.
PR-URL: https://github.com/nodejs/node/pull/3988
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Conflicts:
lib/internal/util.js
`WrapperInfo` casts pointer in JS object's internal field to
`AsyncWrap`. This approach fails miserably for `TLSWrap` because it was
inhereted from the `StreamBase` first, creating different kind of
`vtable` for the whole class.
Reorder parent classes to put `AsyncWrap` first.
Fix: https://github.com/nodejs/node/issues/4250
PR-URL: https://github.com/nodejs/node/pull/4268
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/4264
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
In dfee4e3712, the module wrapper
and line offset used when wrapping module code was changed to
better report errors on the first line of modules. However, that
commit did not update the runInThisContext() call used to
execute the core modules, so their error line numbers have been
off by one. This commit provides the correct lineOffset for core
modules.
Refs: https://github.com/nodejs/node/pull/2867
PR-URL: https://github.com/nodejs/node/pull/4254
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Rename doNTCallback functions for clarity when profiling, these make
sense internally but the "NT" in particular is a bit obtuse to be
immediately understandable by non-core developers.
PR-URL: https://github.com/nodejs/node/pull/4167
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
Commit a9c0c65 ("src: define getpid() based on OS") made src/env.cc
use `GetCurrentProcessId()` on Windows for the PID in log messages.
`GetCurrentProcessId()` is also what is used by libuv, OpenSSL and V8.
This commit makes `process.pid` use `GetCurrentProcessId()` instead of
`_getpid()` for consistency.
PR-URL: https://github.com/nodejs/node/pull/4163
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
If JS throws an object whose toString() method throws, then Node
attempts to print an empty message, but actually prints garbage.
This commit checks for this case, and prints a message instead.
Fixes: https://github.com/nodejs/node/issues/4079
PR-URL: https://github.com/nodejs/node/pull/4112
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Chris Dickinson <christopher.s.dickinson@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Minwoo Jung <jmwsoft@gmail.com>
FIPS 140-2 disallows use of MD5, which is used to derive the
initialization vector and key for createCipher(). Modify
all tests to expect exceptions in FIPS mode when disallowed
API is used, or to avoid testing such API in FIPS Mode.
PR-URL: https://github.com/nodejs/node/pull/3754
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
Call a user's callback to notify that the handle has been destroyed.
Only pass the id of the AsyncWrap instance since the object no longer
exists.
The object that's being destructed should never be inspected within the
callback or any time afterward.
This commit make a breaking change. The init callback will now be passed
arguments in the order of provider, id, parent.
PR-URL: https://github.com/nodejs/node/pull/3461
Reviewed-By: Fedor Indutny <fedor@indutny.com>
New instances of AsyncWrap are automatically assigned a unique id. The
value will be used in future commits to communicate additional
information via the async hooks.
While the largest value we can reliably communicate to JS is 2^53, even
if a new AsyncWrap is created every 100ns the uid won't reach its end
for 28.5 years.
PR-URL: https://github.com/nodejs/node/pull/3461
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Only enforce that the init callback is passed to setupHooks(). The
remaining hooks can be optionally passed.
Throw if async_wrap.enable() runs before setting the init callback or if
setupHooks() is called while async wrap is enabled.
Add test to verify calls throw appropriately.
PR-URL: https://github.com/nodejs/node/pull/3461
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Because Node modules are wrapped, errors on the first line
of a file leak the wrapper to the user and report the wrong
column number. This commit adds a line break to the module
wrapper so that the first line is treated the same as all
other lines. To compensate for the additional line, a line
offset of -1 is also applied to errors.
Fixes: https://github.com/nodejs/node/issues/2860
PR-URL: https://github.com/nodejs/node/pull/2867
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Fix node exiting due to an exception being thrown rather than emitting
an `'uncaughtException'` event on the process object when:
1. no error handler is set on the domain within which an error is thrown
2. an `'uncaughtException'` event listener is set on the process
Also fix an issue where the process would not abort in the proper
function call if an error is thrown within a domain with no error
handler and `--abort-on-uncaught-exception` is used.
Fixes#3607 and #3653.
PR: #3884
PR-URL: https://github.com/nodejs/node/pull/3884
Reviewed-By: James M Snell <jasnell@gmail.com>
Documentation currently states that setting noAssert and passing a value
larger than can fit in the Buffer will cause data to be silently
dropped. Change implementation to match documented behavior.
Fixes: https://github.com/nodejs/node/issues/3766
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
FIPS 180-4 requires specific (L,N) values. OpenSSL will crash if an
invalid combination is used, so we must check the input sanity first.
PR-URL: https://github.com/nodejs/node/pull/3756
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: James M Snell <jasnell@gmail.com>
Added checks where necessary to prevent hard crashes and gave
precedence to returning the OpenSSL error strings instead of generic
error strings.
PR-URL: https://github.com/nodejs/node/pull/3753
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
When getaddrinfo linked-list results contain entries other than AF_INET
and AF_INET6, the resulting v8::Array will contain undefined values.
That's because initialization of v8::Array pre-allocates entries for all
linked-list nodes, but not all of them will be in the final results.
This commit ensures that the array only contains valid results.
PR-URL: https://github.com/nodejs/node/pull/3696
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This reverts 8cee8f5 which was causing stdin to behave strangely on
Windows 8 and 10. The suspected explanation for the issue is that there
might be a race condition occuring when stdin._readableState.reading is
set indirectly through `push('')`.
PR-URL: https://github.com/nodejs/node/pull/3490
Fixes: https://github.com/nodejs/node/issues/2996
Fixes: https://github.com/nodejs/node/issues/2504
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Security Update
Notable items:
* http: Fix a bug where an HTTP socket may no longer have a socket
but a pipelined request triggers a pause or resume, a potential
denial-of-service vector. (Fedor Indutny)
* openssl: Upgrade to 1.0.2e, containing fixes for:
- CVE-2015-3193 "BN_mod_exp may produce incorrect results on x86_64",
an attack is considered feasible against a Node.js TLS server using
DHE key exchange. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
- CVE-2015-3194 "Certificate verify crash with missing PSS parameter",
a potential denial-of-service vector for Node.js TLS servers; TLS
clients are also impacted. Details are available at
<http://openssl.org/news/secadv/20151203.txt>.
(Shigeki Ohtsu) #4134
* v8: Backport fixes for a bug in `JSON.stringify()` that can result
in out-of-bounds reads for arrays. (Ben Noordhuis)
PR-URL: https://github.com/nodejs/node-private/pull/12
This is to ensure that it is evaluated the same way it would be if it
were to be run by node or required.
Before, the following would pass if run by node, but fail if run via
the syntax check flag:
if (true) {
return;
}
Now, this will pass the syntax check
PR-URL: https://github.com/nodejs/node/pull/3587
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Before this commit, sending a SIGUSR1 at program exit could trigger a
hard to reproduce race condition where `v8::Debug::DebugBreak(isolate)`
got called when the isolate was in the process of being torn down.
A similar race condition is in theory possible when sending signals
to two threads simultaneously but I haven't been able to reproduce
that myself (and I tried, oh how I tried.)
This commit fixes the race condition by turning `node_isolate` into
a `std::atomic` and using it as an ad hoc synchronization primitive
in places where that is necessary.
A bare minimum std::atomic polyfill is added for OS X because Apple
wouldn't be Apple if things just worked out of the box.
PR-URL: https://github.com/nodejs/node/pull/3528
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
malloc(0) and realloc(ptr, 0) have implementation-defined behavior in
that the standard allows them to either return a unique pointer or a
nullptr for zero-sized allocation requests. Normalize by always using
a nullptr.
Fixes: https://github.com/nodejs/node/issues/3496
PR-URL: https://github.com/nodejs/node/pull/3499
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
This is a two-part fix:
- Fix pending data notification in `OutgoingMessage` to notify server
about flushed data too
- Fix pause/resume behavior for the consumed socket. `resume` event is
emitted on a next tick, and `socket._paused` can already be `true` at
this time. Pause the socket again to avoid PAUSED error on parser.
Fix: https://github.com/nodejs/node/issues/3332
PR-URL: https://github.com/nodejs/node/pull/3342
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
`CallbackInfo` is now bound to `ArrayBuffer` instance, not `Uint8Array`,
therefore `SPREAD_ARG` will abort with:
Assertion failed: ((object)->IsUint8Array())
Make changes necessary to migrate it to `ArrayBuffer`.
See: https://github.com/nodejs/node/pull/3080#issuecomment-147502167
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/3329
On Big Endian platforms v8 strings are need to converted
to Little Endian before searching in utf16le buffer
Fixes: https://github.com/nodejs/node/issues/3283
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Michael Dawson <mhdawson@ca.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/3295
cjihrig
Myles Borins
Fedor Indutny
Martin Bark
Ben Noordhuis
Martin von Gagern
Yazhong Liu
Rod Vagg
Stefan Budeanu
Trevor Norris
Tristian Flanagan
James M Snell
Julien Gilli
P.S.V.R
Junliang Yan
Ömer Fadıl Usta
Roman Reiss
Evan Lucas
Brian White
Karl Skomski