diff --git a/node.gyp b/node.gyp index e9e9e8b254f794..7da91b44304ebb 100644 --- a/node.gyp +++ b/node.gyp @@ -191,7 +191,6 @@ 'src/node_main.cc', 'src/node_os.cc', 'src/node_platform.cc', - 'src/node_revert.cc', 'src/node_serdes.cc', 'src/node_url.cc', 'src/node_util.cc', @@ -647,7 +646,6 @@ '<(OBJ_PATH)<(OBJ_SEPARATOR)string_search.<(OBJ_SUFFIX)', '<(OBJ_PATH)<(OBJ_SEPARATOR)stream_base.<(OBJ_SUFFIX)', '<(OBJ_PATH)<(OBJ_SEPARATOR)node_constants.<(OBJ_SUFFIX)', - '<(OBJ_PATH)<(OBJ_SEPARATOR)node_revert.<(OBJ_SUFFIX)', '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)agent.<(OBJ_SUFFIX)', '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_buffer.<(OBJ_SUFFIX)', '<(OBJ_TRACING_PATH)<(OBJ_SEPARATOR)node_trace_writer.<(OBJ_SUFFIX)', diff --git a/src/node.cc b/src/node.cc index 1ef5adce3bb7d1..34785693c8a7ad 100644 --- a/src/node.cc +++ b/src/node.cc @@ -184,6 +184,9 @@ static bool trace_enabled = false; static std::string trace_enabled_categories; // NOLINT(runtime/string) static bool abort_on_uncaught_exception = false; +// Bit flag used to track security reverts (see node_revert.h) +unsigned int reverted = 0; + #if defined(NODE_HAVE_I18N_SUPPORT) // Path to ICU data (for i18n / Intl) std::string icu_data_dir; // NOLINT(runtime/string) @@ -3437,11 +3440,11 @@ void SetupProcessObject(Environment* env, // --security-revert flags #define V(code, _, __) \ do { \ - if (IsReverted(REVERT_ ## code)) { \ + if (IsReverted(SECURITY_REVERT_ ## code)) { \ READONLY_PROPERTY(process, "REVERT_" #code, True(env->isolate())); \ } \ } while (0); - REVERSIONS(V) + SECURITY_REVERSIONS(V) #undef V size_t exec_path_len = 2 * PATH_MAX; diff --git a/src/node_config.cc b/src/node_config.cc index d4fb991c5818a2..64263fb2d69af4 100644 --- a/src/node_config.cc +++ b/src/node_config.cc @@ -6,7 +6,6 @@ #include "util-inl.h" #include "node_debug_options.h" - namespace node { using v8::Boolean; diff --git a/src/node_revert.cc b/src/node_revert.cc deleted file mode 100644 index 9d029a3592fd0c..00000000000000 --- a/src/node_revert.cc +++ /dev/null @@ -1,53 +0,0 @@ -#include "node_revert.h" -#include -#include - -namespace node { - -unsigned int reverted = 0; - -static const char* RevertMessage(const unsigned int cve) { -#define V(code, label, msg) case REVERT_ ## code: return label ": " msg; - switch (cve) { - REVERSIONS(V) - default: - return "Unknown"; - } -#undef V -} - -void Revert(const unsigned int cve) { - reverted |= 1 << cve; - printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve)); -} - -void Revert(const char* cve) { -#define V(code, label, _) \ - do { \ - if (strcmp(cve, label) == 0) { \ - Revert(static_cast(REVERT_ ## code)); \ - return; \ - } \ - } while (0); - REVERSIONS(V) -#undef V - printf("Error: Attempt to revert an unknown CVE [%s]\n", cve); - exit(12); -} - -bool IsReverted(const unsigned int cve) { - return reverted & (1 << cve); -} - -bool IsReverted(const char * cve) { -#define V(code, label, _) \ - do { \ - if (strcmp(cve, label) == 0) \ - return IsReverted(static_cast(REVERT_ ## code)); \ - } while (0); - REVERSIONS(V) - return false; -#undef V -} - -} // namespace node diff --git a/src/node_revert.h b/src/node_revert.h index b4c3633e947a6e..c26bb677818cfa 100644 --- a/src/node_revert.h +++ b/src/node_revert.h @@ -6,40 +6,61 @@ #include "node.h" /** - * Note that it is expected for this list to vary across specific LTS and - * Stable versions! Only CVE's whose fixes require *breaking* changes within - * a given LTS or Stable may be added to this list, and only with CTC - * consensus. + * Note that it is expected for this list to vary across specific LTS and + * Stable versions! Only CVE's whose fixes require *breaking* changes within + * a given LTS or Stable may be added to this list, and only with CTC + * consensus. * * For *master* this list should always be empty! - * **/ -#define REVERSIONS(XX) -// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") - namespace node { -typedef enum { -#define V(code, _, __) REVERT_ ## code, - REVERSIONS(V) -#undef V -} reversions_t; +#define SECURITY_REVERSIONS(XX) +// XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title") +enum reversion { +#define V(code, ...) SECURITY_REVERT_##code, + SECURITY_REVERSIONS(V) +#undef V +}; -/* A bit field for tracking the active reverts */ extern unsigned int reverted; -/* Revert the given CVE (see reversions_t enum) */ -void Revert(const unsigned int cve); +inline const char* RevertMessage(const reversion cve) { +#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg; + switch (cve) { + SECURITY_REVERSIONS(V) + default: + return "Unknown"; + } +#undef V +} -/* Revert the given CVE by label */ -void Revert(const char* cve); +inline void Revert(const reversion cve) { + reverted |= 1 << cve; + printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve)); +} -/* true if the CVE has been reverted **/ -bool IsReverted(const unsigned int cve); +inline void Revert(const char* cve) { +#define V(code, label, _) \ + if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code); + SECURITY_REVERSIONS(V) +#undef V + printf("Error: Attempt to revert an unknown CVE [%s]\n", cve); + exit(12); +} -/* true if the CVE has been reverted **/ -bool IsReverted(const char * cve); +inline bool IsReverted(const reversion cve) { + return reverted & (1 << cve); +} + +inline bool IsReverted(const char* cve) { +#define V(code, label, _) \ + if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code); + SECURITY_REVERSIONS(V) + return false; +#undef V +} } // namespace node