1 #ifndef SRC_NODE_REVERT_H_
2 #define SRC_NODE_REVERT_H_
3 
4 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5 
6 #include "node.h"
7 
/**
 * Note that it is expected for this list to vary across specific LTS and
 * Stable versions! Only CVEs whose fixes require *breaking* changes within
 * a given LTS or Stable may be added to this list, and only with TSC
 * consensus.
 *
 * For *master* this list should always be empty!
 **/
16 namespace node {
17 
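// X-macro listing every security fix that can be reverted at runtime.
// Each entry is XX(identifier suffix, CVE label, short title). The position
// of an entry in this list becomes its enumerator value below and therefore
// its bit index in per_process::reverted_cve.
//
// Template for a new entry (kept outside the macro body so that a stray
// line continuation cannot comment out a real entry):
//   XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")
#define SECURITY_REVERSIONS(XX)                                            \
  XX(CVE_2019_9512, "CVE-2019-9512", "HTTP/2 Ping/Settings Flood")         \
  XX(CVE_2019_9514, "CVE-2019-9514", "HTTP/2 Reset Flood")                 \
  XX(CVE_2019_9516, "CVE-2019-9516", "HTTP/2 0-Length Headers Leak")       \
  XX(CVE_2019_9518, "CVE-2019-9518", "HTTP/2 Empty DATA Frame Flooding")
  // TODO(addaleax): Remove all of the above before Node.js 13 as the comment
  // at the start of the file indicates.

// One enumerator per list entry: SECURITY_REVERT_<code>, numbered from 0 in
// list order.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bit set of reverted fixes; bit N corresponds to the enumerator with value N.
extern unsigned int reverted_cve;
}

// Every reversion needs its own bit in the flag word. Fail the build if the
// list ever grows past the width of that word, because the shifts that set
// and test the bits would then silently stop working.
#define V(...) +1
static_assert((0 SECURITY_REVERSIONS(V)) <=
                  8 * sizeof(per_process::reverted_cve),
              "too many security reversions for the reverted_cve bitmask");
#undef V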
36 
// Returns the human-readable description of a reversion as a string literal
// of the form "<CVE label>: <title>". Any value that is not one of the
// listed reversions yields "Unknown".
inline const char* RevertMessage(const reversion cve) {
  switch (cve) {
// Expands to one `case` per SECURITY_REVERSIONS entry; the label and title
// are joined at compile time by string-literal concatenation.
#define V(code, label, msg)                                                   \
    case SECURITY_REVERT_##code:                                              \
      return label ": " msg;
    SECURITY_REVERSIONS(V)
#undef V
    default:
      break;
  }
  return "Unknown";
}
46 
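// Marks the fix for `cve` as reverted for this process by setting its bit in
// per_process::reverted_cve, then prints a "SECURITY WARNING" line naming the
// reverted fix to stdout.
inline void Revert(const reversion cve) {
  // Shift an unsigned 1 so the mask is computed in the same unsigned
  // arithmetic as the flag word; a signed `1 << cve` is not safe for bit
  // indexes near the width of int.
  per_process::reverted_cve |= 1u << cve;
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}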
51 
// Reverts the fix whose label equals `cve` (for example "CVE-2019-9512").
// The comparison is an exact, case-sensitive strcmp() against each label in
// SECURITY_REVERSIONS. On a match the enum overload of Revert() is called
// and `*error` is left untouched; otherwise `*error` is overwritten with a
// message that quotes the unrecognised label.
// Both pointers are dereferenced unconditionally: `cve` must be a
// NUL-terminated string and `error` must point to a valid std::string.
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) {                                              \
    Revert(SECURITY_REVERT_##code);                                           \
    return;                                                                   \
  }
  SECURITY_REVERSIONS(V)
#undef V
  // No label matched: report the unknown identifier back to the caller.
  error->assign("Error: Attempt to revert an unknown CVE [");
  error->append(cve);
  error->push_back(']');
}
61 
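// Returns true when the bit for `cve` is set in per_process::reverted_cve,
// i.e. when the fix has been reverted for this process.
inline bool IsReverted(const reversion cve) {
  // Build the mask from an unsigned 1 so the test uses the same unsigned
  // arithmetic as the flag word instead of a signed shift.
  return (per_process::reverted_cve & (1u << cve)) != 0;
}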
65 
// Looks up `cve` by its label (exact, case-sensitive strcmp() match against
// SECURITY_REVERSIONS) and returns whether that fix has been reverted.
// A label that is not in the list is reported as not reverted.
// `cve` is passed straight to strcmp(), so it must be a NUL-terminated string.
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) {                                              \
    return IsReverted(SECURITY_REVERT_##code);                                \
  }
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}
73 
74 }  // namespace node
75 
76 #endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
77 
78 #endif  // SRC_NODE_REVERT_H_
79