diff options
| author | Myles Borins <mylesborins@google.com> | 2017-10-13 01:10:44 -0400 |
|---|---|---|
| committer | Anna Henningsen <anna@addaleax.net> | 2017-10-29 20:14:01 +0100 |
| commit | 241eb6122ee6f36de16ee4ed4a6a291510b1807f (patch) | |
| tree | bcfdd28a52706ea025eae8530ceff18f05b343f7 /test/parallel/test-zlib-failed-init.js | |
| parent | 203b548381c53e904b56b2e1d02c18ed26c24a58 (diff) | |
| download | android-node-v8-241eb6122ee6f36de16ee4ed4a6a291510b1807f.tar.gz android-node-v8-241eb6122ee6f36de16ee4ed4a6a291510b1807f.tar.bz2 android-node-v8-241eb6122ee6f36de16ee4ed4a6a291510b1807f.zip | |
zlib: gracefully set windowBits from 8 to 9
On 4 April 2017, Node.js versions v4.8.2 and v6.10.2 were
released. These versions bumped the vendored zlib library from
v1.2.8 to v1.2.11 in response to what it describes as low-severity
CVEs. In zlib v1.2.9, a change was made that causes an error to be
raised when a raw deflate stream is initialised with windowBits set
to 8.
In zlib v1.2.9, 8 become an invalid value for this parameter, and Node's zlib
module will crash if you call this:
```
zlib.createDeflateRaw({windowBits: 8})
```
On some versions this crashes Node and you cannot recover from it, while on some
versions it throws an exception. The permessage-deflate library up to
version v0.1.5 does make such a call with no try/catch
This commit reverts to the original behavior of zlib by gracefully changed
windowBits: 8 to windowBits: 9 for raw deflate streams.
Original-PR-URL: https://github.com/nodejs-private/node-private/pull/95
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
PR-URL: https://github.com/nodejs/node/pull/16511
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Refael Ackermann <refack@gmail.com>
Diffstat (limited to 'test/parallel/test-zlib-failed-init.js')
| -rw-r--r-- | test/parallel/test-zlib-failed-init.js | 17 |
1 files changed, 0 insertions, 17 deletions
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js index 7dd53ea370..5bbd64426a 100644 --- a/test/parallel/test-zlib-failed-init.js +++ b/test/parallel/test-zlib-failed-init.js @@ -5,23 +5,6 @@ const common = require('../common'); const assert = require('assert'); const zlib = require('zlib'); -// For raw deflate encoding, requests for 256-byte windows are rejected as -// invalid by zlib (http://zlib.net/manual.html#Advanced). -// This check was introduced in version 1.2.9 and prior to that there was -// no such rejection which is the reason for the version check below -// (http://zlib.net/ChangeLog.txt). -if (!/^1\.2\.[0-8]$/.test(process.versions.zlib)) { - common.expectsError( - () => zlib.createDeflateRaw({ windowBits: 8 }), - { - code: 'ERR_ZLIB_INITIALIZATION_FAILED', - type: Error, - message: 'Initialization failed' - }); -} - -// Regression tests for bugs in the validation logic. - common.expectsError( () => zlib.createGzip({ chunkSize: 0 }), { |