nodejs/nodejs8
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nodejs8/CVE-2020-8265.patch
Adam Majer 4e7bcdb27e - npm-v6.14.13.tar.gz: update to npm 6.14.13 fixing 
* fixes ssri Regular Expression Denial of Service and
    hosted-git-info Regular Expression Denial of Service
    (bsc#1187976, bsc#1187977, CVE-2021-27290, CVE-2021-23362)
  * fixes  y18n Prototype Pollution (bsc#1184450, CVE-2020-7774)
  
- CVE-2020-15095.patch, minimist.patch: obsoleted by above

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs8?expand=0&rev=175
2021-07-06 15:07:41 +00:00

79 lines
2.6 KiB
Diff
Raw Permalink Blame History

commit 357e2857c8385c303782ced2ac8b568df06d4326
Author: Daniel Bevenius <daniel.bevenius@gmail.com>
Date: Wed Dec 2 18:20:24 2020 +0100
test: add test-tls-use-after-free-regression
This commit adds the test provided in pull request
https://github.com/nodejs-private/node-private/pull/230.
PR-URL: https://github.com/nodejs-private/node-private/pull/238
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Index: node-v8.17.0/test/parallel/test-tls-use-after-free-regression.js
===================================================================
--- /dev/null
+++ node-v8.17.0/test/parallel/test-tls-use-after-free-regression.js
@@ -0,0 +1,58 @@
+'use strict';
+
+const common = require('../common');
+
+if (!common.hasCrypto)
+ common.skip('missing crypto');
+
+const https = require('https');
+const tls = require('tls');
+
+const kMessage =
+ 'GET / HTTP/1.1\r\nHost: localhost\r\nConnection: Keep-alive\r\n\r\n';
+
+const key = `-----BEGIN EC PARAMETERS-----
+BggqhkjOPQMBBw==
+-----END EC PARAMETERS-----
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEIDKfHHbiJMdu2STyHL11fWC7psMY19/gUNpsUpkwgGACoAoGCCqGSM49
+AwEHoUQDQgAEItqm+pYj3Ca8bi5mBs+H8xSMxuW2JNn4I+kw3aREsetLk8pn3o81
+PWBiTdSZrGBGQSy+UAlQvYeE6Z/QXQk8aw==
+-----END EC PRIVATE KEY-----`;
+
+const cert = `-----BEGIN CERTIFICATE-----
+MIIBhjCCASsCFDJU1tCo88NYU//pE+DQKO9hUDsFMAoGCCqGSM49BAMCMEUxCzAJ
+BgNVBAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5l
+dCBXaWRnaXRzIFB0eSBMdGQwHhcNMjAwOTIyMDg1NDU5WhcNNDgwMjA3MDg1NDU5
+WjBFMQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwY
+SW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
+QgAEItqm+pYj3Ca8bi5mBs+H8xSMxuW2JNn4I+kw3aREsetLk8pn3o81PWBiTdSZ
+rGBGQSy+UAlQvYeE6Z/QXQk8azAKBggqhkjOPQQDAgNJADBGAiEA7Bdn4F87KqIe
+Y/ABy/XIXXpFUb2nyv3zV7POQi2lPcECIQC3UWLmfiedpiIKsf9YRIyO0uEood7+
+glj2R1NNr1X68w==
+-----END CERTIFICATE-----`;
+
+const server = https.createServer(
+ { key, cert },
+ common.mustCall((req, res) => {
+ res.writeHead(200);
+ res.end('boom goes the dynamite\n');
+ }, 3));
+
+server.listen(0, common.mustCall(() => {
+ const socket =
+ tls.connect(
+ server.address().port,
+ 'localhost',
+ { rejectUnauthorized: false },
+ common.mustCall(() => {
+ socket.write(kMessage);
+ socket.write(kMessage);
+ socket.write(kMessage);
+ }));
+
+ socket.on('data', common.mustCall(() => socket.destroy()));
+ socket.on('close', () => {
+ setImmediate(() => server.close());
+ });
+}));
Reference in New Issue View Git Blame Copy Permalink