File CVE-2018-12120.patch of Package nodejs4
Date: Tue Jan 8 13:44:29 CET 2019
Ported from,
From a9791c9090927b41a8bbfad254a2279204508059 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 15 Aug 2016 11:23:34 +0200
Subject: [PATCH] src: make debugger listen on 127.0.0.1 by default
CVE-2018-12120
Backport of 8e7cbe2 to v6.x
Prepared by Sam Roberts <vieuxtech@gmail.com>
Original commit:
Commit 2272052 ("net: bind to `::` TCP address by default") from
April 2014 seems to have accidentally changed the default listen
address from 127.0.0.1 to 0.0.0.0, a.k.a. the "any" address.
From a security viewpoint it's undesirable to accept debug agent
connections from anywhere so let's change that back. Users can
override the default with the `--debug=<host>:<port>` switch.
Fixes: https://github.com/nodejs/node/issues/8081
PR-URL: https://github.com/nodejs/node/pull/8106
Reviewed-By: James M Snell <jasnell@gmail.com>
PR-URL: https://github.com/nodejs-private/node-private/pull/148
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Index: node-v4.9.1/src/debug-agent.cc
===================================================================
--- node-v4.9.1.orig/src/debug-agent.cc
+++ node-v4.9.1/src/debug-agent.cc
@@ -70,7 +70,7 @@ Agent::~Agent() {
}
-bool Agent::Start(const std::string& host, int port, bool wait) {
+bool Agent::Start(const char* host, int port, bool wait) {
int err;
if (state_ == kRunning)
Index: node-v4.9.1/src/debug-agent.h
===================================================================
--- node-v4.9.1.orig/src/debug-agent.h
+++ node-v4.9.1/src/debug-agent.h
@@ -74,7 +74,7 @@ class Agent {
typedef void (*DispatchHandler)(node::Environment* env);
// Start the debugger agent thread
- bool Start(const std::string& host, int port, bool wait);
+ bool Start(const char* host, int port, bool wait);
// Listen for debug events
void Enable();
// Stop the debugger agent
Index: node-v4.9.1/src/node.cc
===================================================================
--- node-v4.9.1.orig/src/node.cc
+++ node-v4.9.1/src/node.cc
@@ -143,7 +143,7 @@ static unsigned int preload_module_count
static const char** preload_modules = nullptr;
static bool use_debug_agent = false;
static bool debug_wait_connect = false;
-static std::string debug_host; // NOLINT(runtime/string)
+static std::string* debug_host; // coverity[leaked_storage]
static int debug_port = 5858;
static bool prof_process = false;
static bool v8_is_profiling = false;
@@ -3346,7 +3346,7 @@ static bool ParseDebugOpt(const char* ar
return true;
}
- std::string* const the_host = &debug_host;
+ std::string** const the_host = &debug_host;
int* const the_port = &debug_port;
// FIXME(bnoordhuis) Move IPv6 address parsing logic to lib/net.js.
@@ -3354,7 +3354,7 @@ static bool ParseDebugOpt(const char* ar
// in net.Server#listen() and net.Socket#connect().
const size_t port_len = strlen(port);
if (port[0] == '[' && port[port_len - 1] == ']') {
- the_host->assign(port + 1, port_len - 2);
+ *the_host = new std::string(port + 1, port_len - 2);
return true;
}
@@ -3364,13 +3364,13 @@ static bool ParseDebugOpt(const char* ar
// if it's not all decimal digits, it's a host name.
for (size_t n = 0; port[n] != '\0'; n += 1) {
if (port[n] < '0' || port[n] > '9') {
- *the_host = port;
+ *the_host = new std::string(port);
return true;
}
}
} else {
const bool skip = (colon > port && port[0] == '[' && colon[-1] == ']');
- the_host->assign(port + skip, colon - skip);
+ *the_host = new std::string(port + skip, colon - skip);
}
char* endptr;
@@ -3622,11 +3622,12 @@ static void StartDebug(Environment* env,
env->debugger_agent()->set_dispatch_handler(
DispatchMessagesDebugAgentCallback);
+ const char* host = debug_host ? debug_host->c_str() : "127.0.0.1";
debugger_running =
- env->debugger_agent()->Start(debug_host, debug_port, wait);
+ env->debugger_agent()->Start(host, debug_port, wait);
if (debugger_running == false) {
fprintf(stderr, "Starting debugger on %s:%d failed\n",
- debug_host.c_str(), debug_port);
+ host, debug_port);
fflush(stderr);
return;
}
Index: node-v4.9.1/test/sequential/test-debug-host-port.js
===================================================================
--- node-v4.9.1.orig/test/sequential/test-debug-host-port.js
+++ node-v4.9.1/test/sequential/test-debug-host-port.js
@@ -5,7 +5,7 @@ const assert = require('assert');
const spawn = require('child_process').spawn;
let run = () => {};
-function test(args, re) {
+function test(args, needle) {
const next = run;
run = () => {
const options = {encoding: 'utf8'};
@@ -14,34 +14,32 @@ function test(args, re) {
proc.stderr.setEncoding('utf8');
proc.stderr.on('data', (data) => {
stderr += data;
- if (re.test(stderr)) proc.kill();
+ if (stderr.includes(needle)) proc.kill();
});
proc.on('exit', common.mustCall(() => {
- assert(re.test(stderr));
+ assert(stderr.includes(needle));
next();
}));
};
}
-test(['--debug-brk'], /Debugger listening on (\[::\]|0\.0\.0\.0):5858/);
-test(['--debug-brk=1234'], /Debugger listening on (\[::\]|0\.0\.0\.0):1234/);
-test(['--debug-brk=127.0.0.1'], /Debugger listening on 127\.0\.0\.1:5858/);
-test(['--debug-brk=127.0.0.1:1234'], /Debugger listening on 127\.0\.0\.1:1234/);
-test(['--debug-brk=localhost'],
- /Debugger listening on (\[::\]|127\.0\.0\.1):5858/);
-test(['--debug-brk=localhost:1234'],
- /Debugger listening on (\[::\]|127\.0\.0\.1):1234/);
+test(['--debug-brk'], 'Debugger listening on 127.0.0.1:5858');
+test(['--debug-brk=1234'], 'Debugger listening on 127.0.0.1:1234');
+test(['--debug-brk=0.0.0.0'], 'Debugger listening on 0.0.0.0:5858');
+test(['--debug-brk=0.0.0.0:1234'], 'Debugger listening on 0.0.0.0:1234');
+test(['--debug-brk=localhost'], 'Debugger listening on 127.0.0.1:5858');
+test(['--debug-brk=localhost:1234'], 'Debugger listening on 127.0.0.1:1234');
if (common.hasIPv6) {
- test(['--debug-brk=::'], /Debug port must be in range 1024 to 65535/);
- test(['--debug-brk=::0'], /Debug port must be in range 1024 to 65535/);
- test(['--debug-brk=::1'], /Debug port must be in range 1024 to 65535/);
- test(['--debug-brk=[::]'], /Debugger listening on \[::\]:5858/);
- test(['--debug-brk=[::0]'], /Debugger listening on \[::\]:5858/);
- test(['--debug-brk=[::]:1234'], /Debugger listening on \[::\]:1234/);
- test(['--debug-brk=[::0]:1234'], /Debugger listening on \[::\]:1234/);
+ test(['--debug-brk=::'], 'Debug port must be in range 1024 to 65535');
+ test(['--debug-brk=::0'], 'Debug port must be in range 1024 to 65535');
+ test(['--debug-brk=::1'], 'Debug port must be in range 1024 to 65535');
+ test(['--debug-brk=[::]'], 'Debugger listening on [::]:5858');
+ test(['--debug-brk=[::0]'], 'Debugger listening on [::]:5858');
+ test(['--debug-brk=[::]:1234'], 'Debugger listening on [::]:1234');
+ test(['--debug-brk=[::0]:1234'], 'Debugger listening on [::]:1234');
test(['--debug-brk=[::ffff:127.0.0.1]:1234'],
- /Debugger listening on \[::ffff:127\.0\.0\.1\]:1234/);
+ 'Debugger listening on [::ffff:127.0.0.1]:1234');
}
run(); // Runs tests in reverse order.
Index: node-v4.9.1/test/parallel/test-debug-port-cluster.js
===================================================================
--- node-v4.9.1.orig/test/parallel/test-debug-port-cluster.js
+++ node-v4.9.1/test/parallel/test-debug-port-cluster.js
@@ -16,8 +16,7 @@ child.stderr.setEncoding('utf8');
const checkMessages = common.mustCall(() => {
for (let port = PORT_MIN; port <= PORT_MAX; port += 1) {
- const re = RegExp(`Debugger listening on (\\[::\\]|0\\.0\\.0\\.0):${port}`);
- assert(re.test(stderr));
+ const re = stderr.includes(`Debugger listening on 127.0.0.1:${port}`);
}
});
Index: node-v4.9.1/test/parallel/test-debug-port-from-cmdline.js
===================================================================
--- node-v4.9.1.orig/test/parallel/test-debug-port-from-cmdline.js
+++ node-v4.9.1/test/parallel/test-debug-port-from-cmdline.js
@@ -39,10 +39,10 @@ function processStderrLine(line) {
function assertOutputLines() {
var expectedLines = [
'Starting debugger agent.',
- 'Debugger listening on (\\[::\\]|0\\.0\\.0\\.0):' + debugPort,
+ 'Debugger listening on 127.0.0.1:' + debugPort,
];
assert.strictEqual(outputLines.length, expectedLines.length);
for (var i = 0; i < expectedLines.length; i++)
- assert(RegExp(expectedLines[i]).test(outputLines[i]));
+ assert(expectedLines[i].includes(outputLines[i]));
}
Index: node-v4.9.1/test/parallel/test-debug-port-numbers.js
===================================================================
--- node-v4.9.1.orig/test/parallel/test-debug-port-numbers.js
+++ node-v4.9.1/test/parallel/test-debug-port-numbers.js
@@ -52,10 +52,7 @@ function kill(child) {
process.on('exit', function() {
for (const child of children) {
- const port = child.test.port;
- const one = RegExp(`Debugger listening on (\\[::\\]|0\.0\.0\.0):${port}`);
- const two = RegExp(`connecting to 127.0.0.1:${port}`);
- assert(one.test(child.test.stdout));
- assert(two.test(child.test.stdout));
+ assert(child.test.stdout.includes(`Debugger listening on 127.0.0.1:${child.test.port}`));
+ assert(child.test.stdout.includes(`connecting to 127.0.0.1:${child.test.port}`));
}
});
Index: node-v4.9.1/test/parallel/test-debug-signal-cluster.js
===================================================================
--- node-v4.9.1.orig/test/parallel/test-debug-signal-cluster.js
+++ node-v4.9.1/test/parallel/test-debug-signal-cluster.js
@@ -61,11 +61,11 @@ process.on('exit', function onExit() {
const expectedLines = [
'Starting debugger agent.',
- 'Debugger listening on (\\[::\\]|0\\.0\\.0\\.0):' + (port + 0),
+ 'Debugger listening on 127.0.0.1:' + (port + 0),
'Starting debugger agent.',
- 'Debugger listening on (\\[::\\]|0\\.0\\.0\\.0):' + (port + 1),
+ 'Debugger listening on 127.0.0.1:' + (port + 1),
'Starting debugger agent.',
- 'Debugger listening on (\\[::\\]|0\\.0\\.0\\.0):' + (port + 2),
+ 'Debugger listening on 127.0.0.1:' + (port + 2),
];
function assertOutputLines() {
@@ -77,5 +77,5 @@ function assertOutputLines() {
assert.equal(outputLines.length, expectedLines.length);
for (var i = 0; i < expectedLines.length; i++)
- assert(RegExp(expectedLines[i]).test(outputLines[i]));
+ assert(expectedLines[i].includes(outputLines[i]));
}
