OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 00:20:08 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
v4.x
node/lib
History
Myles Borins bf00665af6
path: unwind regular expressions in Windows 
This is the second part to removing REDOS vulnerabilities from v4.x

The function `splitTailRe` exposed a REDOS vulnerability. It was only
utilized in the Windows implementation of a number of the path utilities.
In v6.x a change landed that unwound this regular expression, and in
turn patched the vulnerability.

This commit copies the unwound implementation currently found on v8.x.
It is completely self contained. I attempted to keep all warnings
and deprecations the same as the v4.x implementation, but may have
missed something buried in the large unwound functions.

Refs: https://github.com/nodejs/node/commit/b212be08f6
2018-02-22 17:47:13 -05:00
..
internal child_process: refactor internal/child_process.js 2017-03-08 17:29:25 -08:00
_debug_agent.js debugger: make listen address configurable 2016-11-22 14:02:28 +08:00
_debugger.js debugger: call this.resume() after this.run() 2017-01-31 20:04:29 -05:00
_http_agent.js https: fix memory leak with https.request() 2016-11-18 15:40:20 -05:00
_http_client.js http: use Buffer.from to avoid Buffer(num) call 2017-07-10 10:59:41 +01:00
_http_common.js http: fix connection upgrade checks 2016-11-22 16:01:03 +08:00
_http_incoming.js http: fix no dumping after maybeReadMore 2016-07-14 12:44:41 -07:00
_http_outgoing.js http: fix connection upgrade checks 2016-11-22 16:01:03 +08:00
_http_server.js src: unconsume stream fix in internal http impl 2017-03-08 17:29:36 -08:00
_linklist.js lib: changed var to const in linkedlist 2016-11-22 14:23:37 +08:00
_stream_duplex.js node: allow multiple arguments passed to nextTick 2015-04-15 17:02:21 -06:00
_stream_passthrough.js lib: use const to define constants 2015-01-21 16:21:31 -05:00
_stream_readable.js streams: fix regression in unpipe() 2016-11-14 11:39:59 -05:00
_stream_transform.js stream: prevent object map change in TransformState 2016-03-21 12:57:54 -07:00
_stream_wrap.js test,lib,benchmark: match function names 2017-01-31 20:04:27 -05:00
_stream_writable.js test,lib,benchmark: match function names 2017-01-31 20:04:27 -05:00
_tls_common.js crypto: freelist_max_len is gone in OpenSSL 1.1.0 2017-03-08 17:29:46 -08:00
_tls_legacy.js tls, crypto: add ALPN Support 2017-01-31 20:04:27 -05:00
_tls_wrap.js Partial revert "tls: keep track of stream that is closed" 2017-04-18 20:08:38 -04:00
.eslintrc.yaml tools: rename eslintrc to an undeprecated format 2017-03-08 17:29:48 -08:00
assert.js assert: remove unneeded condition 2017-03-08 17:29:27 -08:00
buffer.js buffer: improve toJSON() performance 2017-03-08 17:29:47 -08:00
child_process.js child_process: remove empty if condition 2017-03-08 17:29:25 -08:00
cluster.js cluster: remove bind() and self 2016-10-26 14:09:01 -04:00
console.js console: check that stderr is writable 2016-03-30 13:12:14 -07:00
constants.js Remove excessive copyright/license boilerplate 2015-01-12 15:30:28 -08:00
crypto.js streams: refactor LazyTransform to internal/ 2015-09-15 13:53:21 -04:00
dgram.js dgram: fix possibly deoptimizing use of arguments 2017-03-09 13:22:19 -08:00
dns.js dns: tweak regex for IPv6 addresses 2016-10-26 14:09:18 -04:00
domain.js test,lib,benchmark: match function names 2017-01-31 20:04:27 -05:00
events.js events: pass the original listener added by once 2016-11-22 15:55:16 +08:00
freelist.js lib,test: add freelist deprecation and test 2015-07-17 19:48:31 -07:00
fs.js fs: add the fs.mkdtemp() function. 2017-01-31 20:04:27 -05:00
http.js lib,src: remove usage of events.EventEmitter 2015-09-23 08:39:34 +10:00
https.js tls, crypto: add ALPN Support 2017-01-31 20:04:27 -05:00
module.js module: fix loading from global folders on Windows 2017-04-18 20:08:37 -04:00
net.js net: prefer === to == 2017-03-08 17:29:19 -08:00
os.js lib: refactor code with startsWith/endsWith 2016-04-08 17:16:43 -04:00
path.js path: unwind regular expressions in Windows 2018-02-22 17:47:13 -05:00
process.js src: remove excessive license boilerplate 2015-01-27 16:35:05 +11:00
punycode.js lib: add missing new for errors lib/*.js 2015-03-24 12:42:15 -07:00
querystring.js querystring: don't stringify bad surrogate pair 2016-04-11 11:10:47 -04:00
readline.js readline: refactor construct Interface 2017-03-08 17:29:43 -08:00
repl.js repl: refactor lib/repl.js 2016-12-13 16:25:30 -05:00
stream.js lib,src: remove usage of events.EventEmitter 2015-09-23 08:39:34 +10:00
string_decoder.js string_decoder: fix performance regression 2016-03-21 12:57:54 -07:00
sys.js util: introduce printDeprecationMessage function 2015-06-04 10:59:43 +03:00
timers.js lib,test: use consistent operator linebreak style 2017-01-31 20:04:31 -05:00
tls.js tls: copy the Buffer object before using 2017-01-31 20:04:28 -05:00
tty.js tty: avoid oob warning in TTYWrap::GetWindowSize() 2017-03-08 17:29:23 -08:00
url.js lib: remove let from for loops 2016-11-14 11:39:59 -05:00
util.js util: don't init Debug if it's not needed yet 2017-03-08 17:29:54 -08:00
v8.js lib,src: support values > 4GB in heap statistics 2017-03-08 17:29:18 -08:00
vm.js lib: reduce util.is*() usage 2015-01-31 23:47:29 -05:00
zlib.js zlib: fix node crashing on invalid options 2017-10-25 04:25:41 -04:00