diff options
| -rw-r--r-- | src/node.cc | 10 | ||||
| -rw-r--r-- | src/node_revert.h | 7 | ||||
| -rw-r--r-- | test/parallel/test-security-revert-unknown.js | 14 |
3 files changed, 26 insertions, 5 deletions
diff --git a/src/node.cc b/src/node.cc index 2766654e9a..7e0fb828e5 100644 --- a/src/node.cc +++ b/src/node.cc @@ -915,8 +915,14 @@ int ProcessGlobalArgs(std::vector<std::string>* args, if (!errors->empty()) return 9; - for (const std::string& cve : per_process::cli_options->security_reverts) - Revert(cve.c_str()); + std::string revert_error; + for (const std::string& cve : per_process::cli_options->security_reverts) { + Revert(cve.c_str(), &revert_error); + if (!revert_error.empty()) { + errors->emplace_back(std::move(revert_error)); + return 12; + } + } auto env_opts = per_process::cli_options->per_isolate->per_env; if (std::find(v8_args.begin(), v8_args.end(), diff --git a/src/node_revert.h b/src/node_revert.h index 4c0ebcd9fd..38e2ba7105 100644 --- a/src/node_revert.h +++ b/src/node_revert.h @@ -43,13 +43,14 @@ inline void Revert(const reversion cve) { printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve)); } -inline void Revert(const char* cve) { +inline void Revert(const char* cve, std::string* error) { #define V(code, label, _) \ if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code); SECURITY_REVERSIONS(V) #undef V - printf("Error: Attempt to revert an unknown CVE [%s]\n", cve); - exit(12); + *error = "Error: Attempt to revert an unknown CVE ["; + *error += cve; + *error += ']'; } inline bool IsReverted(const reversion cve) { diff --git a/test/parallel/test-security-revert-unknown.js b/test/parallel/test-security-revert-unknown.js new file mode 100644 index 0000000000..688076ce94 --- /dev/null +++ b/test/parallel/test-security-revert-unknown.js @@ -0,0 +1,14 @@ +'use strict'; +require('../common'); +const assert = require('assert'); +const { spawnSync } = require('child_process'); +const os = require('os'); + +const { signal, status, output } = + spawnSync(process.execPath, ['--security-reverts=not-a-cve']); +assert.strictEqual(signal, null); +assert.strictEqual(status, 12); +assert.strictEqual( + output[2].toString(), + `${process.execPath}: Error: ` + + `Attempt to revert an unknown CVE [not-a-cve]${os.EOL}`); |