diff options
author | James M Snell <jasnell@gmail.com> | 2017-08-16 09:34:37 -0700 |
---|---|---|
committer | James M Snell <jasnell@gmail.com> | 2017-08-18 15:02:12 -0700 |
commit | 35f6e59dfce2f4f525d02d84aabe26bf111de567 (patch) | |
tree | 1f0b0a6dd4719ca09bc0cee08c0bfc6975272ab6 /src | |
parent | b5bad25110ef15a9d9befb2b110608b709e1fc2f (diff) | |
download | android-node-v8-35f6e59dfce2f4f525d02d84aabe26bf111de567.tar.gz android-node-v8-35f6e59dfce2f4f525d02d84aabe26bf111de567.tar.bz2 android-node-v8-35f6e59dfce2f4f525d02d84aabe26bf111de567.zip |
src: minor cleanup for node_revert
Make the revert related functions inline to eliminate the need
for node_revert.cc, prefix the constants and the def, other misc
cleanup
PR-URL: https://github.com/nodejs/node/pull/14864
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Diffstat (limited to 'src')
-rw-r--r-- | src/node.cc | 7 | ||||
-rw-r--r-- | src/node_config.cc | 1 | ||||
-rw-r--r-- | src/node_revert.cc | 53 | ||||
-rw-r--r-- | src/node_revert.h | 65 |
4 files changed, 48 insertions, 78 deletions
diff --git a/src/node.cc b/src/node.cc index 1ef5adce3b..34785693c8 100644 --- a/src/node.cc +++ b/src/node.cc @@ -184,6 +184,9 @@ static bool trace_enabled = false; static std::string trace_enabled_categories; // NOLINT(runtime/string) static bool abort_on_uncaught_exception = false; +// Bit flag used to track security reverts (see node_revert.h) +unsigned int reverted = 0; + #if defined(NODE_HAVE_I18N_SUPPORT) // Path to ICU data (for i18n / Intl) std::string icu_data_dir; // NOLINT(runtime/string) @@ -3437,11 +3440,11 @@ void SetupProcessObject(Environment* env, // --security-revert flags #define V(code, _, __) \ do { \ - if (IsReverted(REVERT_ ## code)) { \ + if (IsReverted(SECURITY_REVERT_ ## code)) { \ READONLY_PROPERTY(process, "REVERT_" #code, True(env->isolate())); \ } \ } while (0); - REVERSIONS(V) + SECURITY_REVERSIONS(V) #undef V size_t exec_path_len = 2 * PATH_MAX; diff --git a/src/node_config.cc b/src/node_config.cc index d4fb991c58..64263fb2d6 100644 --- a/src/node_config.cc +++ b/src/node_config.cc @@ -6,7 +6,6 @@ #include "util-inl.h" #include "node_debug_options.h" - namespace node { using v8::Boolean; diff --git a/src/node_revert.cc b/src/node_revert.cc deleted file mode 100644 index 9d029a3592..0000000000 --- a/src/node_revert.cc +++ /dev/null @@ -1,53 +0,0 @@ -#include "node_revert.h" -#include <stdio.h> -#include <string.h> - -namespace node { - -unsigned int reverted = 0; - -static const char* RevertMessage(const unsigned int cve) { -#define V(code, label, msg) case REVERT_ ## code: return label ": " msg; - switch (cve) { - REVERSIONS(V) - default: - return "Unknown"; - } -#undef V -} - -void Revert(const unsigned int cve) { - reverted |= 1 << cve; - printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve)); -} - -void Revert(const char* cve) { -#define V(code, label, _) \ - do { \ - if (strcmp(cve, label) == 0) { \ - Revert(static_cast<unsigned int>(REVERT_ ## code)); \ - return; \ - } \ - } while (0); - REVERSIONS(V) -#undef V - printf("Error: Attempt to revert an unknown CVE [%s]\n", cve); - exit(12); -} - -bool IsReverted(const unsigned int cve) { - return reverted & (1 << cve); -} - -bool IsReverted(const char * cve) { -#define V(code, label, _) \ - do { \ - if (strcmp(cve, label) == 0) \ - return IsReverted(static_cast<unsigned int>(REVERT_ ## code)); \ - } while (0); - REVERSIONS(V) - return false; -#undef V -} - -} // namespace node diff --git a/src/node_revert.h b/src/node_revert.h index b4c3633e94..c26bb67781 100644 --- a/src/node_revert.h +++ b/src/node_revert.h @@ -6,40 +6,61 @@ #include "node.h" /** - * Note that it is expected for this list to vary across specific LTS and - * Stable versions! Only CVE's whose fixes require *breaking* changes within - * a given LTS or Stable may be added to this list, and only with CTC - * consensus. + * Note that it is expected for this list to vary across specific LTS and + * Stable versions! Only CVE's whose fixes require *breaking* changes within + * a given LTS or Stable may be added to this list, and only with CTC + * consensus. * * For *master* this list should always be empty! - * **/ -#define REVERSIONS(XX) -// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") - namespace node { -typedef enum { -#define V(code, _, __) REVERT_ ## code, - REVERSIONS(V) -#undef V -} reversions_t; +#define SECURITY_REVERSIONS(XX) +// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") +enum reversion { +#define V(code, ...) SECURITY_REVERT_##code, + SECURITY_REVERSIONS(V) +#undef V +}; -/* A bit field for tracking the active reverts */ extern unsigned int reverted; -/* Revert the given CVE (see reversions_t enum) */ -void Revert(const unsigned int cve); +inline const char* RevertMessage(const reversion cve) { +#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg; + switch (cve) { + SECURITY_REVERSIONS(V) + default: + return "Unknown"; + } +#undef V +} -/* Revert the given CVE by label */ -void Revert(const char* cve); +inline void Revert(const reversion cve) { + reverted |= 1 << cve; + printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve)); +} -/* true if the CVE has been reverted **/ -bool IsReverted(const unsigned int cve); +inline void Revert(const char* cve) { +#define V(code, label, _) \ + if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code); + SECURITY_REVERSIONS(V) +#undef V + printf("Error: Attempt to revert an unknown CVE [%s]\n", cve); + exit(12); +} -/* true if the CVE has been reverted **/ -bool IsReverted(const char * cve); +inline bool IsReverted(const reversion cve) { + return reverted & (1 << cve); +} + +inline bool IsReverted(const char* cve) { +#define V(code, label, _) \ + if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code); + SECURITY_REVERSIONS(V) + return false; +#undef V +} } // namespace node |