OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2026-01-15 12:15:26 +00:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity
Files
d67d0a63d9e29bc53556cbdb7352a944db46f143
node/lib
History
Myles Borins bf00665af6 path: unwind regular expressions in Windows 
This is the second part to removing REDOS vulnerabilities from v4.x

The function `splitTailRe` exposed a REDOS vulnerability. It was only
utilized in the Windows implementation of a number of the path utilities.
In v6.x a change landed that unwound this regular expression, and in
turn patched the vulnerability.

This commit copies the unwound implementation currently found on v8.x.
It is completely self contained. I attempted to keep all warnings
and deprecations the same as the v4.x implementation, but may have
missed something buried in the large unwound functions.

Refs: https://github.com/nodejs/node/commit/b212be08f6
2018-02-22 17:47:13 -05:00
..
internal
child_process: refactor internal/child_process.js
2017-03-08 17:29:25 -08:00
_debug_agent.js
debugger: make listen address configurable
2016-11-22 14:02:28 +08:00
_debugger.js
debugger: call this.resume() after this.run()
2017-01-31 20:04:29 -05:00
_http_agent.js
https: fix memory leak with https.request()
2016-11-18 15:40:20 -05:00
_http_client.js
http: use Buffer.from to avoid Buffer(num) call
2017-07-10 10:59:41 +01:00
_http_common.js
http: fix connection upgrade checks
2016-11-22 16:01:03 +08:00
_http_incoming.js
http: fix no dumping after maybeReadMore
2016-07-14 12:44:41 -07:00
_http_outgoing.js
http: fix connection upgrade checks
2016-11-22 16:01:03 +08:00
_http_server.js
src: unconsume stream fix in internal http impl
2017-03-08 17:29:36 -08:00
_linklist.js
lib: changed var to const in linkedlist
2016-11-22 14:23:37 +08:00
_stream_duplex.js
node: allow multiple arguments passed to nextTick
2015-04-15 17:02:21 -06:00
_stream_passthrough.js
lib: use const to define constants
2015-01-21 16:21:31 -05:00
_stream_readable.js
streams: fix regression in unpipe()
2016-11-14 11:39:59 -05:00
_stream_transform.js
stream: prevent object map change in TransformState
2016-03-21 12:57:54 -07:00
_stream_wrap.js
test,lib,benchmark: match function names
2017-01-31 20:04:27 -05:00
_stream_writable.js
test,lib,benchmark: match function names
2017-01-31 20:04:27 -05:00
_tls_common.js
crypto: freelist_max_len is gone in OpenSSL 1.1.0
2017-03-08 17:29:46 -08:00
_tls_legacy.js
tls, crypto: add ALPN Support
2017-01-31 20:04:27 -05:00
_tls_wrap.js
Partial revert "tls: keep track of stream that is closed"
2017-04-18 20:08:38 -04:00
.eslintrc.yaml
tools: rename eslintrc to an undeprecated format
2017-03-08 17:29:48 -08:00
assert.js
assert: remove unneeded condition
2017-03-08 17:29:27 -08:00
buffer.js
buffer: improve toJSON() performance
2017-03-08 17:29:47 -08:00
child_process.js
child_process: remove empty if condition
2017-03-08 17:29:25 -08:00
cluster.js
cluster: remove bind() and self
2016-10-26 14:09:01 -04:00
console.js
console: check that stderr is writable
2016-03-30 13:12:14 -07:00
constants.js
Remove excessive copyright/license boilerplate
2015-01-12 15:30:28 -08:00
crypto.js
streams: refactor LazyTransform to internal/
2015-09-15 13:53:21 -04:00
dgram.js
dgram: fix possibly deoptimizing use of arguments
2017-03-09 13:22:19 -08:00
dns.js
dns: tweak regex for IPv6 addresses
2016-10-26 14:09:18 -04:00
domain.js
test,lib,benchmark: match function names
2017-01-31 20:04:27 -05:00
events.js
events: pass the original listener added by once
2016-11-22 15:55:16 +08:00
freelist.js
lib,test: add freelist deprecation and test
2015-07-17 19:48:31 -07:00
fs.js
fs: add the fs.mkdtemp() function.
2017-01-31 20:04:27 -05:00
http.js
lib,src: remove usage of events.EventEmitter
2015-09-23 08:39:34 +10:00
https.js
tls, crypto: add ALPN Support
2017-01-31 20:04:27 -05:00
module.js
module: fix loading from global folders on Windows
2017-04-18 20:08:37 -04:00
net.js
net: prefer === to ==
2017-03-08 17:29:19 -08:00
os.js
lib: refactor code with startsWith/endsWith
2016-04-08 17:16:43 -04:00
path.js
path: unwind regular expressions in Windows
2018-02-22 17:47:13 -05:00
process.js
src: remove excessive license boilerplate
2015-01-27 16:35:05 +11:00
punycode.js
lib: add missing new for errors lib/*.js
2015-03-24 12:42:15 -07:00
querystring.js
querystring: don't stringify bad surrogate pair
2016-04-11 11:10:47 -04:00
readline.js
readline: refactor construct Interface
2017-03-08 17:29:43 -08:00
repl.js
repl: refactor lib/repl.js
2016-12-13 16:25:30 -05:00
stream.js
lib,src: remove usage of events.EventEmitter
2015-09-23 08:39:34 +10:00
string_decoder.js
string_decoder: fix performance regression
2016-03-21 12:57:54 -07:00
sys.js
util: introduce printDeprecationMessage function
2015-06-04 10:59:43 +03:00
timers.js
lib,test: use consistent operator linebreak style
2017-01-31 20:04:31 -05:00
tls.js
tls: copy the Buffer object before using
2017-01-31 20:04:28 -05:00
tty.js
tty: avoid oob warning in TTYWrap::GetWindowSize()
2017-03-08 17:29:23 -08:00
url.js
lib: remove let from for loops
2016-11-14 11:39:59 -05:00
util.js
util: don't init Debug if it's not needed yet
2017-03-08 17:29:54 -08:00
v8.js
lib,src: support values > 4GB in heap statistics
2017-03-08 17:29:18 -08:00
vm.js
lib: reduce util.is*() usage
2015-01-31 23:47:29 -05:00
zlib.js
zlib: fix node crashing on invalid options
2017-10-25 04:25:41 -04:00