mirror of
https://github.com/nodejs/node.git
synced 2024-12-01 16:10:02 +01:00
241eb6122e
On 4 April 2017, Node.js versions v4.8.2 and v6.10.2 were released. These versions bumped the vendored zlib library from v1.2.8 to v1.2.11 in response to what it describes as low-severity CVEs. In zlib v1.2.9, a change was made that causes an error to be raised when a raw deflate stream is initialised with windowBits set to 8. In zlib v1.2.9, 8 become an invalid value for this parameter, and Node's zlib module will crash if you call this: ``` zlib.createDeflateRaw({windowBits: 8}) ``` On some versions this crashes Node and you cannot recover from it, while on some versions it throws an exception. The permessage-deflate library up to version v0.1.5 does make such a call with no try/catch This commit reverts to the original behavior of zlib by gracefully changed windowBits: 8 to windowBits: 9 for raw deflate streams. Original-PR-URL: https://github.com/nodejs-private/node-private/pull/95 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Sam Roberts <vieuxtech@gmail.com> PR-URL: https://github.com/nodejs/node/pull/16511 Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> Reviewed-By: Refael Ackermann <refack@gmail.com> |
||
---|---|---|
.. | ||
internal | ||
_http_agent.js | ||
_http_client.js | ||
_http_common.js | ||
_http_incoming.js | ||
_http_outgoing.js | ||
_http_server.js | ||
_stream_duplex.js | ||
_stream_passthrough.js | ||
_stream_readable.js | ||
_stream_transform.js | ||
_stream_wrap.js | ||
_stream_writable.js | ||
_tls_common.js | ||
_tls_legacy.js | ||
_tls_wrap.js | ||
.eslintrc.yaml | ||
assert.js | ||
async_hooks.js | ||
buffer.js | ||
child_process.js | ||
cluster.js | ||
console.js | ||
constants.js | ||
crypto.js | ||
dgram.js | ||
dns.js | ||
domain.js | ||
events.js | ||
fs.js | ||
http2.js | ||
http.js | ||
https.js | ||
inspector.js | ||
module.js | ||
net.js | ||
os.js | ||
path.js | ||
perf_hooks.js | ||
process.js | ||
punycode.js | ||
querystring.js | ||
readline.js | ||
repl.js | ||
stream.js | ||
string_decoder.js | ||
sys.js | ||
timers.js | ||
tls.js | ||
tty.js | ||
url.js | ||
util.js | ||
v8.js | ||
vm.js | ||
zlib.js |