From ff6d5cbf4760e8097e15c293a59dbca9318b59e6 Mon Sep 17 00:00:00 2001
From: gaozhekang
Date: Wed, 4 Nov 2020 11:19:40 +0800
Subject: [PATCH] Avoid OOB read in URL parser
---
 0004-src-avoid-OOB-read-in-URL-parser.patch | 79 +++++++++++++++++++++
 nodejs.spec | 6 +-
 2 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 0004-src-avoid-OOB-read-in-URL-parser.patch
diff --git a/0004-src-avoid-OOB-read-in-URL-parser.patch b/0004-src-avoid-OOB-read-in-URL-parser.patch
new file mode 100644
index 0000000..6108a39
--- /dev/null
+++ b/0004-src-avoid-OOB-read-in-URL-parser.patch
@@ -0,0 +1,79 @@
+From 4cb8fa4aa5dea72bc66ea950e3fc193385bb7175 Mon Sep 17 00:00:00 2001
+From: gaozhekang
+Date: Wed, 4 Nov 2020 11:12:53 +0800
+Subject: [PATCH] src: avoid OOB read in URL parser
+
+This is not a big concern, because right now, all (non-test) inputs
+to the parser are `'\0'`-terminated, but we should be future-proof
+here and not perform these OOB reads.
+
+---
+ src/node_url.cc | 6 +++---
+ test/cctest/test_url.cc | 20 ++++++++++++++++++++
+ 2 files changed, 23 insertions(+), 3 deletions(-)
+
+diff --git a/src/node_url.cc b/src/node_url.cc
+index 7bfcde5..41492b1 100644
+--- a/src/node_url.cc
++++ b/src/node_url.cc
+@@ -1487,7 +1487,7 @@ void URL::Parse(const char* input,
+ state = kSpecialRelativeOrAuthority;
+ } else if (special) {
+ state = kSpecialAuthoritySlashes;
+- } else if (p[1] == '/') {
++ } else if (p + 1 < end && p[1] == '/') {
+ state = kPathOrAuthority;
+ p++;
+ } else {
+@@ -1547,7 +1547,7 @@ void URL::Parse(const char* input,
+ }
+ break;
+ case kSpecialRelativeOrAuthority:
+- if (ch == '/' && p[1] == '/') {
++ if (ch == '/' && p + 1 < end && p[1] == '/') {
+ state = kSpecialAuthorityIgnoreSlashes;
+ p++;
+ } else {
+@@ -1695,7 +1695,7 @@ void URL::Parse(const char* input,
+ break;
+ case kSpecialAuthoritySlashes:
+ state = kSpecialAuthorityIgnoreSlashes;
+- if (ch == '/' && p[1] == '/') {
++ if (ch == '/' && p + 1 < end && p[1] == '/') {
+ p++;
+ } else {
+ continue;
+diff --git a/test/cctest/test_url.cc b/test/cctest/test_url.cc
+index ddef534..810cbc2 100644
+--- a/test/cctest/test_url.cc
++++ b/test/cctest/test_url.cc
+@@ -80,6 +80,26 @@ TEST_F(URLTest, Base3) {
+ EXPECT_EQ(simple.path(), "/baz");
+ }
+
++TEST_F(URLTest, TruncatedAfterProtocol) {
++ char input[2] = { 'q', ':' };
++ URL simple(input, sizeof(input));
++
++ EXPECT_FALSE(simple.flags() & URL_FLAGS_FAILED);
++ EXPECT_EQ(simple.protocol(), "q:");
++ EXPECT_EQ(simple.host(), "");
++ EXPECT_EQ(simple.path(), "/");
++}
++
++TEST_F(URLTest, TruncatedAfterProtocol2) {
++ char input[6] = { 'h', 't', 't', 'p', ':', '/' };
++ URL simple(input, sizeof(input));
++
++ EXPECT_TRUE(simple.flags() & URL_FLAGS_FAILED);
++ EXPECT_EQ(simple.protocol(), "http:");
++ EXPECT_EQ(simple.host(), "");
++ EXPECT_EQ(simple.path(), "");
++}
++
+ TEST_F(URLTest, ToFilePath) {
+ #define T(url, path) EXPECT_EQ(path, URL(url).ToFilePath())
+ T("http://example.org/foo/bar", "");
+--
+2.23.0
+
diff --git a/nodejs.spec b/nodejs.spec
index 40a5219..9eb5b6e 100644
--- a/nodejs.spec
+++ b/nodejs.spec
@@ -57,7 +57,7 @@ Name: nodejs
 Epoch: %{nodejs_epoch}
 Version: %{nodejs_version}
-Release: 1
+Release: 2
 Summary: JavaScript runtime
 License: MIT and ASL 2.0 and ISC and BSD
 Group: Development/Languages
@@ -72,6 +72,7 @@ Source7: nodejs_native.attr
 Patch1: 0001-Disable-running-gyp-on-shared-deps.patch
 Patch2: 0002-Install-both-binaries-and-use-libdir.patch
 Patch3: 0003-build-auto-load-ICU-data-from-with-icu-default-data-.patch
+Patch4: 0004-src-avoid-OOB-read-in-URL-parser.patch
 BuildRequires: python2-devel python3-devel zlib-devel gcc >= 6.3.0
 BuildRequires: gcc-c++ >= 6.3.0 nodejs-packaging chrpath libatomic
@@ -455,6 +456,9 @@ end
 %changelog
+* Wed Nov 04 2020 gaozhekang - 1:10.21.0-2
+- avoid OOB read in URL parser
+
 * Mon Aug 24 2020 lingsheng - 1:10.21.0-1
 - Update to 10.21.0
-- Gitee
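Review bot: The regression tests `TruncatedAfterProtocol` and `TruncatedAfterProtocol2` only demonstrate the fix when the cctest binary runs under ASan or Valgrind: a one-byte read past `char input[2]` / `char input[6]` is silent undefined behaviour in a normal build, and the `EXPECT_*` checks on flags, protocol, host and path would almost always pass with or without the new `p + 1 < end` guards. I would state that intent in the test, e.g. `// Deliberately not NUL-terminated: Parse() must never read past input + len; only a sanitizer build turns a regression here into a failure.` The three guarded sites are sound provided `ch` was read from `p[0]` with `p < end`, which the `ch == '/' &&` conjuncts imply for the second and third hunk; the first hunk relies on the scheme-state code outside the hunk for that, and any other `p[1]` reads elsewhere in `URL::Parse` are not covered by this patch and are worth a grep before calling the OOB issue closed. `URL::Parse` starts and ends outside these hunks.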
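Review bot: Adding `Patch4: 0004-src-avoid-OOB-read-in-URL-parser.patch` only declares the patch; whether it is applied depends on the `%prep` section, which this diff does not touch and I cannot see. If `%prep` applies `%patch1`..`%patch3` explicitly rather than via `%autosetup`/`%autopatch`, a matching `%patch4 -p1` line is also required, otherwise the `Release: 2` build ships without the fix while the changelog claims it. Worth confirming against the spec or by checking the build log for the patch being applied.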