pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.
Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.
This is a back-port of commit 6770555 from the master branch.
The test relied on a peculiarity of process.nextTick() that was changed in
commit 4e5fe2d. Before that commit, each nextTick callback corresponded with
the event loop moving forward one tick. That's no longer the case.
pummel/test-net-throttle assumes that a couple of big write requests result in
some of them getting queued because the kernel's send buffer fills up.
Said assumption breaks on systems with large send buffers. Raise the size of
the write request to ameliorate the issue.
Before this commit, `fs.unwatchFile(path)` removed *all* listeners for `path`.
The function is overloaded now: `fs.unwatchFile(path)` still removes all
listeners, but `fs.unwatchFile(path, cb)` lets you remove a specific listener.
Fixes#3660.
Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.
Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.
DH_size returns number of bytes in a prime number, DH_compute_key returns number
of bytes in a remainder of exponent, which may have less bytes than a prime
number. Therefore add 0-padding to the allocated buffer.
Fixes#3372
It wasn't waiting for the child process' stderr to close, so not an
assertion was made *before* all the data that the child process sent
was received by node.
Instead of allocating a new 64KB buffer each time when checking if there is
something to transform, continue to use the same buffer. Once the buffer is
exhausted, allocate a new buffer. This solves the problem of huge allocations
when small fragments of data are processed, but will also continue to work
well with big pieces of data.
Throw, don't abort. `new Buffer(0x3fffffff + 1)` used to bring down the process
with the following error message:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData() length
exceeds max acceptable value
Fixes#2280.
The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.
To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.