mirror of https://github.com/nodejs/node.git synced 2024-12-01 16:10:02 +01:00
nodejs/lib/internal
Tobias Nießen 499533f72a crypto: fix handling of malicious getters (scrypt)
It is possible to bypass parameter validation in crypto.scrypt and
crypto.scryptSync by crafting option objects with malicious getters as
demonstrated in the regression test. After bypassing validation, any
value can be passed to the C++ layer, causing an assertion to crash
the process.

Fixes: https://github.com/nodejs/node/issues/28836

PR-URL: https://github.com/nodejs/node/pull/28838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
2019-07-26 10:19:28 -07:00
assert assert: avoid potentially misleading reference to object identity 2019-07-25 22:36:29 -07:00
bootstrap policy: add policy-integrity to mitigate policy tampering 2019-07-20 13:24:58 -07:00
cluster lib: correct error.errno to always be numeric 2019-06-17 10:18:09 +08:00
console console: fix table() output 2019-05-30 08:44:34 +02:00
crypto crypto: fix handling of malicious getters (scrypt) 2019-07-26 10:19:28 -07:00
dns dns: refactor internal/dns/promises.js 2019-04-16 16:19:14 -07:00
fs fs: document the Date conversion in Stats objects 2019-06-17 11:54:34 +02:00
http2 http2: compat req.complete 2019-07-20 22:04:17 -07:00
main doc: add line for inspect host:port invocation 2019-07-11 20:40:08 -07:00
modules module: implement "exports" proposal for CommonJS 2019-07-23 16:11:20 -07:00
per_context bootstrap: delay the instantiation of maps in per-context scripts 2019-04-26 07:23:42 +02:00
policy
process report: modify getReport() to return an Object 2019-07-12 14:48:09 -07:00
readline lib: rename lib/internal/readline.js 2019-07-20 11:56:53 -07:00
repl deps: update acorn to 6.2.0 2019-07-15 00:04:50 +02:00
streams stream: add null push transform in async_iterator 2019-07-20 22:32:08 -07:00
test
util process: split routines used to enhance fatal exception stack traces 2019-06-27 20:22:08 +08:00
vm module: initialize module_wrap.callbackMap during pre-execution 2019-04-25 12:11:10 +08:00
worker worker: only unref port for stdin if we ref’ed it before 2019-06-20 11:27:27 -06:00
assert.js lib: throw a special error in internal/assert 2019-04-25 01:29:48 +02:00
async_hooks.js async_hooks: only disable promise hook if wanted 2019-05-13 12:47:45 +02:00
buffer.js tools: update eslint 2019-06-27 11:57:19 +02:00
child_process.js child_process: runtime deprecate _channel 2019-05-31 11:13:25 -04:00
cli_table.js
constants.js
dgram.js src: move guessHandleType in the util binding 2019-04-20 13:25:41 +08:00
dtrace.js
encoding.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
error-serdes.js
errors.js module: implement "exports" proposal for CommonJS 2019-07-23 16:11:20 -07:00
fixed_queue.js
freelist.js lib: faster FreeList 2019-04-11 05:40:59 +02:00
freeze_intrinsics.js bootstrap: --frozen-intrinsics override problem workaround 2019-06-22 23:17:44 +02:00
http.js perf_hooks: add HttpRequest statistics monitoring #28445 2019-07-12 00:36:27 +02:00
idna.js
inspector_async_hook.js
js_stream_socket.js stream: use readableObjectMode public api for js stream 2019-05-19 23:37:51 +02:00
linkedlist.js
net.js lib: correct error.errno to always be numeric 2019-06-17 10:18:09 +08:00
options.js
priority_queue.js
querystring.js
readme.md
repl.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
socket_list.js
stream_base_commons.js util: access process states lazily in debuglog 2019-04-20 00:30:38 +08:00
timers.js lib: remove Reflect.apply where appropriate 2019-04-30 08:36:55 +02:00
tls.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
trace_events_async_hooks.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
tty.js
url.js lib: enforce the use of Object from primordials 2019-04-12 05:38:45 +02:00
util.js process: split routines used to enhance fatal exception stack traces 2019-06-27 20:22:08 +08:00
v8_prof_polyfill.js
v8_prof_processor.js
validators.js lib: support min/max values in validateInteger() 2019-07-23 14:57:47 -07:00
worker.js worker: assign missing deprecation code 2019-07-03 22:13:54 +02:00

Internal Modules

The modules in lib/internal are intended for internal use in Node.js core only, and are not accessible with require() from user modules. These modules can be changed at any time. Reliance on these modules outside of core is not supported in any way.