1 #ifndef SRC_NODE_REVERT_H_
2 #define SRC_NODE_REVERT_H_
3
4 #if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5
6 #include "node.h"
7
8 /**
9 * Note that it is expected for this list to vary across specific LTS and
10 * Stable versions! Only CVEs whose fixes require *breaking* changes within
11 * a given LTS or Stable may be added to this list, and only with TSC
12 * consensus.
13 *
14 * For *master* this list should always be empty!
15 **/
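namespace node {

// X-macro list of the security fixes that may be reverted at runtime.
// Each entry has the form XX(code, "label", "title"). The line continuation
// below splices the commented-out sample entry onto the #define line, so the
// macro currently expands to nothing and no reversion is available.
#define SECURITY_REVERSIONS(XX)                                               \
//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

// One enumerator per list entry, named SECURITY_REVERT_<code>. The value of an
// enumerator is used as a bit index into per_process::reverted_cve.
// NOTE(review): nothing here enforces that the list stays shorter than the bit
// width of unsigned int; an entry past that would make the shifts below
// undefined.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bitmask of the reverted fixes, one bit per `reversion` enumerator.
// Only declared here; the definition is outside this header.
extern unsigned int reverted_cve;
}  // namespace per_process

#ifdef _MSC_VER
#pragma warning(push)
// MSVC C4065: switch statement contains 'default' but no 'case' labels
#pragma warning(disable : 4065)
#endif

// Returns the "<label>: <title>" string for a reversion, or "Unknown" when
// `cve` does not match any entry of SECURITY_REVERSIONS.
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg)                                                   \
  case SECURITY_REVERT_##code:                                                \
    return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

#ifdef _MSC_VER
#pragma warning(pop)
#endif

// Marks the fix for `cve` as reverted for the whole process and prints a
// warning naming it.
// NOTE(review): the warning goes to stdout via printf; confirm that operators
// who only collect stderr still see that a security fix was switched off.
inline void Revert(const reversion cve) {
  // Unsigned literal: the mask is unsigned int, and shifting a signed 1 into
  // the top bit would overflow.
  per_process::reverted_cve |= 1u << cve;
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

// Reverts the fix whose label equals `cve` (exact strcmp match).
// On a match the reversion is applied and `*error` is left untouched.
// Otherwise nothing is reverted and `*error` receives a message quoting the
// rejected label. Both pointers are dereferenced unconditionally and must be
// non-null.
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  *error = "Error: Attempt to revert an unknown CVE [";
  *error += cve;
  *error += ']';
}

// Returns true when the bit for `cve` is set in per_process::reverted_cve.
inline bool IsReverted(const reversion cve) {
  return (per_process::reverted_cve & (1u << cve)) != 0;
}

// Label-based variant: returns whether the fix named `cve` is reverted, and
// false for a label that is not in SECURITY_REVERSIONS. `cve` is passed to
// strcmp and must be non-null.
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node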
79
80 #endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
81
82 #endif // SRC_NODE_REVERT_H_
83