0
0
mirror of https://github.com/nodejs/node.git synced 2024-11-29 23:16:30 +01:00
Commit Graph

27955 Commits

Author SHA1 Message Date
Robert Nagy
0daec61b9b http: replace superfluous connection property with getter/setter
PR-URL: https://github.com/nodejs/node/pull/29015
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-17 06:21:59 -07:00
Robert Nagy
6f613d8abb http,stream: add writableEnded
This is work towards resolving the response.finished confusion and
future deprecation.

Note that implementation-wise, streams have both an ending and ended
state. However, in this case (in order to avoid confusion in user space)
writableEnded is equal to writable.ending. The ending vs ended situation
is internal state required for internal stream logic.

PR-URL: https://github.com/nodejs/node/pull/28934
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-17 00:28:06 -07:00
Anas Aboureada
e4bbbcc84b fs: add fs.writev() which exposes syscall writev()
fs with writev allow many buffers to be pushed to underlying OS
APIs in one batch, so this should improve write speed to files.

Refs: https://github.com/nodejs/node/issues/2298

PR-URL: https://github.com/nodejs/node/pull/25925
Fixes: https://github.com/nodejs/node/issues/2298
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 23:24:02 -07:00
Zach Bjornson
5e3b4d6ed9 fs: allow int64 offset in fs.write/writeSync/fd.write
Ref https://github.com/nodejs/node/issues/26563

PR-URL: https://github.com/nodejs/node/pull/26572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 22:09:34 -07:00
Zach Bjornson
a3c0014e73 fs: use IsSafeJsInt instead of IsNumber for ftruncate
PR-URL: https://github.com/nodejs/node/pull/26572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 22:09:32 -07:00
Zach Bjornson
0bbda5e5ae fs: allow int64 offset in fs.read/readSync/fd.read
Since v10.10.0, 'buf' can be any DataView, meaning the largest
byteLength can be Float64Array.BYTES_PER_ELEMENT * kMaxLength =
17,179,869,176.

'offset' can now be up to 2**53 - 1. This makes it possible to tile
reads into a large buffer.

Breaking: now throws if read offset is not a safe int, is null or
is undefined.

Fixes https://github.com/nodejs/node/issues/26563

PR-URL: https://github.com/nodejs/node/pull/26572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 22:09:27 -07:00
Zach Bjornson
91a4cb7175 lib: rename validateInteger to validateSafeInteger
PR-URL: https://github.com/nodejs/node/pull/26572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 22:09:24 -07:00
Luigi Pinca
c3b8e50143 tls: allow client-side sockets to be half-opened
Make `tls.connect()` support an `allowHalfOpen` option which specifies
whether or not to allow the connection to be half-opened when the
`socket` option is not specified.

PR-URL: https://github.com/nodejs/node/pull/27836
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ouyang Yadong <oyydoibh@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
2019-08-17 06:46:31 +02:00
Gerhard Stoebich
f25bbf1255 readline: establish y in cursorTo as optional
Parameter y in cursorTo() is optional and this is also verified by
tests but docs don't state this. Besides that if the newly added
parameter callback is used with no y, it's quite unhandy. This PR allows
to simply omit y.

PR-URL: https://github.com/nodejs/node/pull/29128
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 21:40:00 -07:00
Robert Nagy
4a2bd69db9 stream: fix destroy() behavior
Ensure errorEmitted is always set. Only emit 'error' once.

PR-URL: https://github.com/nodejs/node/pull/29058
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 21:33:53 -07:00
Daniel Bevenius
a890771cd0 build: add a testclean target
This commit adds a target named testclean to allow for cleaning the
temporary files generated during a test run without having to use the
clean target.

PR-URL: https://github.com/nodejs/node/pull/29094
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 16:23:33 -07:00
Robert Nagy
7195cd6fb3 stream: use lazy registration for drain for fast destinations
PR-URL: https://github.com/nodejs/node/pull/29095
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 16:01:43 -07:00
Tony Brix
4111c57f7c fs: add default options for *stat()
PR-URL: https://github.com/nodejs/node/pull/29114
Fixes: https://github.com/nodejs/node/issues/29113
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-08-16 15:51:56 -07:00
Ben Noordhuis
841df6a9b6 src: simplify UnionBytes
Before this commit it was using a tagged union to store the one-byte and
two-byte pointers.

From a `sizeof(UnionBytes)` perspective that makes no difference - there
is a hole between the tag and the union - and it makes the code just a
little harder to reason about, IMO.

PR-URL: https://github.com/nodejs/node/pull/29116
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-16 15:49:51 -07:00
Michael Dawson
18405e66d2 doc: mention N-API as recommended approach
We've had a few comments that from the doc it might not
be clear that N-API is the recommended approach for Addons.
As a start, mention N-API early in the non N-API section
as the recommended approach unless lower level access
is required.

PR-URL: https://github.com/nodejs/node/pull/28922
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-16 14:47:27 -04:00
Rich Trott
b9ff6a3fb1 test: add required settings to test-benchmark-buffer
A benchmark was added but the appropriate settings were not added to
test-benchmark-buffer. These two additions make sure that the new
benchmark file only runs a single benchmark during testing.

PR-URL: https://github.com/nodejs/node/pull/29163
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
2019-08-16 10:15:38 -07:00
Andrew Hughes
791409a9ce
doc: fixup changelog for v10.16.3
Remove (SEMVER-MINOR) label from patch commit. Add link to table.

Refs: https://github.com/nodejs/node/pull/26990

PR-URL: https://github.com/nodejs/node/pull/29159
Reviewed-By: Beth Griggs <Bethany.Griggs@uk.ibm.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
2019-08-16 11:08:03 +01:00
Ben Noordhuis
0f8f4cd3d7 doc: fix introduced_in note in querystring.md
The method descriptions mentioned the right version but for some reason
the top-level description did not. Well, now it does.

PR-URL: https://github.com/nodejs/node/pull/29014
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-16 10:27:12 +02:00
Rainer Poisel
71b5ce5885 test: make exported method static
The exported method can be static as it will never be called directly.

PR-URL: https://github.com/nodejs/node/pull/29102
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-15 22:58:40 -07:00
cclauss
1173199e81 deps: V8: cherry-pick e3d7f8a
Original commit message:

    [build] update gen-postmortem-metadata for Python 3

    This change makes the code compatible with both Python 2 and Python 3.

    Change-Id: I99d68af9c3163607c3a2fdbafac339a98b7471e4
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/1751331
    Commit-Queue: Yang Guo <yangguo@chromium.org>
    Reviewed-by: Yang Guo <yangguo@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#63207}

Refs: e3d7f8a588

PR-URL: https://github.com/nodejs/node/pull/29105
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-15 20:54:53 -07:00
cclauss
a582c6b07c build: support py3 for configure.py
PR-URL: https://github.com/nodejs/node/pull/29106
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-15 20:43:33 -07:00
Beth Griggs
affa23bc88
2019-08-15, Version 8.16.1 'Carbon' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29152
2019-08-15 23:30:22 +01:00
Beth Griggs
004e2b759f
2019-08-15, Version 10.16.3 'Dubnium' (LTS)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29148
2019-08-15 22:50:53 +01:00
Michaël Zasso
edc2e5be34
2019-08-15, Version 12.8.1 (Current)
This is a security release.

Notable changes:

Node.js, as well as many other implementations of HTTP/2, have been
found vulnerable to Denial of Service attacks.
See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
for more information.

Vulnerabilities fixed:

* CVE-2019-9511 “Data Dribble”: The attacker requests a large amount of
  data from a specified resource over multiple streams. They manipulate
  window size and stream priority to force the server to queue the data
  in 1-byte chunks. Depending on how efficiently this data is queued,
  this can consume excess CPU, memory, or both, potentially leading to a
  denial of service.
* CVE-2019-9512 “Ping Flood”: The attacker sends continual pings to an
  HTTP/2 peer, causing the peer to build an internal queue of responses.
  Depending on how efficiently this data is queued, this can consume
  excess CPU, memory, or both, potentially leading to a denial of
  service.
* CVE-2019-9513 “Resource Loop”: The attacker creates multiple request
  streams and continually shuffles the priority of the streams in a way
  that causes substantial churn to the priority tree. This can consume
  excess CPU, potentially leading to a denial of service.
* CVE-2019-9514 “Reset Flood”: The attacker opens a number of streams
  and sends an invalid request over each stream that should solicit a
  stream of RST_STREAM frames from the peer. Depending on how the peer
  queues the RST_STREAM frames, this can consume excess memory, CPU,or
  both, potentially leading to a denial of service.
* CVE-2019-9515 “Settings Flood”: The attacker sends a stream of
  SETTINGS frames to the peer. Since the RFC requires that the peer
  reply with one acknowledgement per SETTINGS frame, an empty SETTINGS
  frame is almost equivalent in behavior to a ping. Depending on how
  efficiently this data is queued, this can consume excess CPU, memory,
  or both, potentially leading to a denial of service.
* CVE-2019-9516 “0-Length Headers Leak”: The attacker sends a stream of
  headers with a 0-length header name and 0-length header value,
  optionally Huffman encoded into 1-byte or greater headers. Some
  implementations allocate memory for these headers and keep the
  allocation alive until the session dies. This can consume excess
  memory, potentially leading to a denial of service.
* CVE-2019-9517 “Internal Data Buffering”: The attacker opens the HTTP/2
  window so the peer can send without constraint; however, they leave
  the TCP window closed so the peer cannot actually write (many of) the
  bytes on the wire. The attacker then sends a stream of requests for a
  large response object. Depending on how the servers queue the
  responses, this can consume excess memory, CPU, or both, potentially
  leading to a denial of service.
* CVE-2019-9518 “Empty Frames Flood”: The attacker sends a stream of
  frames with an empty payload and without the end-of-stream flag. These
  frames can be DATA, HEADERS, CONTINUATION and/or PUSH_PROMISE. The
  peer spends time processing each frame disproportionate to attack
  bandwidth. This can consume excess CPU, potentially leading to a
  denial of service. (Discovered by Piotr Sikora of Google)

PR-URL: https://github.com/nodejs/node/pull/29133
2019-08-15 14:49:36 +02:00
cjihrig
a15cd9d418 console: minor timeLogImpl() refactor
This commit does two things:

- Reverses the boolean value returned by timeLogImpl(). The new
  values make more sense semantically (IMO anyway), and save a
  a single NOT operation.
- Explicitly check for undefined when calling _times.get()
  instead of coercing the value.

PR-URL: https://github.com/nodejs/node/pull/29100
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-08-15 16:29:36 +08:00
Anna Henningsen
ec60b625b6
http2: allow security revert for Ping/Settings Flood
nghttp2 has updated its limit for outstanding Ping/Settings ACKs
to 1000. This commit allows reverting to the old default of 10000.

The associated CVEs are CVE-2019-9512/CVE-2019-9515.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:53 +02:00
Anna Henningsen
8a4a1931b8
http2: pause input processing if sending output
If we are waiting for the ability to send more output, we should not
process more input. This commit a) makes us send output earlier,
during processing of input, if we accumulate a lot and b) allows
interrupting the call into nghttp2 that processes input data
and resuming it at a later time, if we do find ourselves in a position
where we are waiting to be able to send more output.

This is part of mitigating CVE-2019-9511/CVE-2019-9517.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:53 +02:00
Anna Henningsen
ba624b6766
http2: stop reading from socket if writes are in progress
If a write to the underlying socket finishes asynchronously, that
means that we cannot write any more data at that point without waiting
for it to finish. If this happens, we should also not be producing any
more input.

This is part of mitigating CVE-2019-9511/CVE-2019-9517.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:53 +02:00
Anna Henningsen
695e38be69
http2: consider 0-length non-end DATA frames an error
This is intended to mitigate CVE-2019-9518.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:53 +02:00
Anna Henningsen
b2c7c51d0b
http2: shrink default vector::reserve() allocations
Allocating memory upfront comes with overhead, and in particular,
`std::vector` implementations do not necessarily return memory
to the system when one might expect that (e.g. after shrinking the
vector).

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:52 +02:00
Anna Henningsen
b4cfa521b8
http2: handle 0-length headers better
Ignore headers with 0-length names and track memory for headers
the way we track it for other HTTP/2 session memory too.

This is intended to mitigate CVE-2019-9516.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:52 +02:00
Anna Henningsen
a54af9e188
http2: limit number of invalid incoming frames
Limit the number of invalid input frames, as they may be pointing
towards a misbehaving peer. The limit is currently set to 1000 but
could be changed or made configurable.

This is intended to mitigate CVE-2019-9514.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:51:38 +02:00
Anna Henningsen
474577cf54
http2: limit number of rejected stream openings
Limit the number of streams that are rejected upon creation. Since
each such rejection is associated with an `NGHTTP2_ENHANCE_YOUR_CALM`
error that should tell the peer to not open any more streams,
continuing to open streams should be read as a sign of a misbehaving
peer. The limit is currently set to 100 but could be changed or made
configurable.

This is intended to mitigate CVE-2019-9514.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:50:30 +02:00
Anna Henningsen
599eee0990
http2: do not create ArrayBuffers when no DATA received
Lazily allocate `ArrayBuffer`s for the contents of DATA frames.
Creating `ArrayBuffer`s is, sadly, not a cheap operation with V8.

This is part of performance improvements to mitigate CVE-2019-9513.

Together with the previous commit, these changes improve throughput
in the adversarial case by about 100 %, and there is little more
that we can do besides artificially limiting the rate of incoming
metadata frames (i.e. after this patch, CPU usage is virtually
exclusively in libnghttp2).

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:50:26 +02:00
Anna Henningsen
c44ee7a14a
http2: only call into JS when necessary for session events
For some JS events, it only makes sense to call into JS when there
are listeners for the event in question.

The overhead is noticeable if a lot of these events are emitted during
the lifetime of a session. To reduce this overhead, keep track of
whether any/how many JS listeners are present, and if there are none,
skip calls into JS altogether.

This is part of performance improvements to mitigate CVE-2019-9513.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:50:22 +02:00
Anna Henningsen
8dae8d12df
http2: improve JS-side debug logging
DRY up the `debug()` calls, and in particular, avoid building template
strings before we know whether we need to.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:50:19 +02:00
Anna Henningsen
fd148d38d2
deps: update nghttp2 to 1.39.2
This includes mitigations for CVE-2019-9512/CVE-2019-9515.

PR-URL: https://github.com/nodejs/node/pull/29122
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
2019-08-15 09:50:14 +02:00
cclauss
8ae79c952b tools: make nodedownload.py Python 3 compatible
PR-URL: https://github.com/nodejs/node/pull/29104
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-14 16:40:42 -07:00
Brian White
6d351d4cc0 buffer: improve copy() performance
PR-URL: https://github.com/nodejs/node/pull/29066
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-14 15:59:32 -07:00
Robert Nagy
e505a741e3 doc: note that stream error can close stream
PR-URL: https://github.com/nodejs/node/pull/29082
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-14 15:56:20 -07:00
Robert Nagy
d30354859c http: follow symbol naming convention
PR-URL: https://github.com/nodejs/node/pull/29091
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-14 15:54:01 -07:00
Daniel Bevenius
f7321dc7f9 test: skip test-fs-access if root
Currently, if this test is run as the root user the following
failure will occur:

=== release test-fs-access ===
Path: parallel/test-fs-access
(node:46733) internal/test/binding: These APIs are for internal testing
only. Do not use them.
Can't clean tmpdir: /root/node/test/.tmp.522
Files blocking: [ 'read_only_file', 'read_write_file' ]

/root/node/test/common/tmpdir.js:136
    throw e;
    ^

Error: EACCES: permission denied, rmdir '/root/node/test/.tmp.522'
    at Object.rmdirSync (fs.js:693:3)
    at rmdirSync (/root/node/test/common/tmpdir.js:72:8)
    at rimrafSync (/root/node/test/common/tmpdir.js:41:7)
    at process.onexit (/root/node/test/common/tmpdir.js:121:5)
    at process.emit (events.js:214:15) {
  errno: -13,
  syscall: 'rmdir',
  code: 'EACCES',
  path: '/root/node/test/.tmp.522'
}
Command: ./node --expose-internals test/parallel/test-fs-access.js

This commit adds a root user check and skips this test if running as the
user root.

PR-URL: https://github.com/nodejs/node/pull/29092
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
2019-08-14 15:52:20 -07:00
cjihrig
a352a7129e buffer: improve ERR_BUFFER_OUT_OF_BOUNDS default
This commit changes the default message used by
ERR_BUFFER_OUT_OF_BOUNDS. Previously, the default
message implied that the problematic was always a
write, which is not accurate.

PR-URL: https://github.com/nodejs/node/pull/29098
Fixes: https://github.com/nodejs/node/issues/29097
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-14 15:24:34 -07:00
Giorgos Ntemiris
427e5348a2 module: add warning when import,export is detected in CJS context
This will allow users to know how to change their project to support
ES modules.

PR-URL: https://github.com/nodejs/node/pull/28950
Reviewed-By: Bradley Farias <bradley.meck@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Guy Bedford <guybedford@gmail.com>
2019-08-13 11:19:48 -07:00
gengjiawen
a49b20d324 inspector: use const for contextGroupId
PR-URL: https://github.com/nodejs/node/pull/29076
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
2019-08-13 04:26:26 +02:00
Brian White
382f84a7f8 stream: improve read() performance further
PR-URL: https://github.com/nodejs/node/pull/29077
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-08-12 16:55:05 -07:00
XhmikosR
f114e5ba33 doc, lib, src, test, tools: fix assorted typos
PR-URL: https://github.com/nodejs/node/pull/29075
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-08-12 16:00:22 -07:00
Robert Nagy
d7a4ace34b doc: clarify async iterator leak
Clarifies that creating multiple async iterators from the same stream
can lead to event listener leak.

PR-URL: https://github.com/nodejs/node/pull/28997
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
2019-08-12 15:46:22 -07:00
Luigi Pinca
f985a25ba7 http: remove redundant condition
`conn.destroyed` is guaranteed to be `false` because a previous `if`
statement already handles the case where `conn && conn.destroyed`
evaluates to `true` returning `false` in that case.

PR-URL: https://github.com/nodejs/node/pull/29078
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-12 13:53:17 -07:00
Daniel Bevenius
b4f0a18b5a tools: allow single JS file for --link-module
The description for the --link-module configuration option is as
follows:
$ ./configure --help | grep -A 5 'link-module'
  --link-module=LINKED_MODULE
                      Path to a JS file to be bundled in the binary as a
                      builtin. This module will be referenced by path
                      without extension; e.g. /root/x/y.js will be
                      referenced via require('root/x/y'). Can be used
                      multiple times

This lead me to think that it was possible to specify a file like this:
$ ./configure --link-module=something.js
$ NODE_DEBUG=mkcodecache make -j8

This will lead to a compilation error as an entry in the source_ map in
node_javascript.cc will end up having an empty string as its key:
source_.emplace("", UnionBytes{_raw, 105});

This will then be used by CodeCacheBuilder when it iterates over the
module ids, which will lead to the following compilation errors:

/node/out/Release/obj/gen/node_code_cache.cc:12:23: warning:
ISO C++17 does not allow a decomposition group to be
empty [-Wempty-decomposition]
static const uint8_t [] = {
                      ^
/node/out/Release/obj/gen/node_code_cache.cc:12:22: warning:
decomposition declarations are a C++17 extension [-Wc++17-extensions]
static const uint8_t [] = {
                     ^~
/node/out/Release/obj/gen/node_code_cache.cc:12:1: error:
decomposition declaration cannot be declared 'static'
static const uint8_t [] = {
^~~~~~
/node/out/Release/obj/gen/node_code_cache.cc:12:22: error:
decomposition declaration cannot be declared with type 'const uint8_t'
(aka 'const unsigned char'); declared type must be 'auto' or
reference to 'auto'
static const uint8_t [] = {
                     ^
/node/out/Release/obj/gen/node_code_cache.cc:12:22: error:
excess elements in scalar initializer
static const uint8_t [] = {
                     ^
/node/out/Release/obj/gen/node_code_cache.cc:660:7: error:
expected expression
      ,
      ^
/node/out/Release/obj/gen/node_code_cache.cc:661:24: error:
no matching function for call to 'arraysize'
      static_cast<int>(arraysize()), policy
                       ^~~~~~~~~
../src/util.h:667:18: note: candidate function template not viable:
requires 1 argument, but 0 were provided
constexpr size_t arraysize(const T (&)[N]) {
                 ^
2 warnings and 5 errors generated.

This commit suggests that passing a single file be allowed by modifying
tools/js2c.py.

PR-URL: https://github.com/nodejs/node/pull/28443
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
2019-08-12 12:56:43 +02:00