#ifndef SRC_NODE_REVERT_H_ |
#define SRC_NODE_REVERT_H_ |
#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
#include "node.h" |
/**
 * Note that this list is expected to vary across specific LTS and
 * Stable versions! Only CVEs whose fixes require *breaking* changes within
 * a given LTS or Stable may be added to this list, and only with TSC
 * consensus.
 *
 * For *master* this list should always be empty!
 **/
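namespace node {

// X-macro listing every security fix that can be reverted at runtime.
// Each entry is written XX(code, "label", "title"); the only entry visible
// here is commented out, so the list currently expands to nothing.
// NOTE(review): printf, strcmp and std::string are used below without a
// direct include in this header - presumably they arrive via node.h; confirm.
#define SECURITY_REVERSIONS(XX)                                               \
//  XX(CVE_2016_PEND, "CVE-2016-PEND", "Vulnerability Title")

// One enumerator (SECURITY_REVERT_<code>) per entry of SECURITY_REVERSIONS.
// The enumerator value is used as a bit index into reverted_cve.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bitmask of active reversions: bit N is set once reversion N was reverted.
// Declared here, defined elsewhere.
extern unsigned int reverted_cve;
}

/// @brief Maps a reversion to its bit in per_process::reverted_cve.
/// @param cve Reversion whose enumerator value is the bit index.
/// @return The single-bit mask, or 0 when the index does not fit in the
///         bitmask, so an out-of-range value can never flip or match a bit.
inline unsigned int ReversionMask(const reversion cve) {
  const unsigned int bit_index = static_cast<unsigned int>(cve);
  // Shifting by the operand width or more is undefined behaviour, and a
  // signed `1 << 31` overflows int; stay unsigned and refuse wide shifts.
  // Assumes 8-bit bytes, which can only under-estimate the real width.
  if (bit_index >= sizeof(unsigned int) * 8) return 0u;
  return 1u << bit_index;
}

/// @brief Returns the "<label>: <title>" text for a reversion.
/// @param cve Reversion to describe.
/// @return A string literal; "Unknown" when cve is not in the list.
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

/// @brief Marks a security fix as reverted for this process.
/// @param cve Reversion to activate.
/// Prints a SECURITY WARNING line to stdout so the weakened state is visible
/// in the process output.
inline void Revert(const reversion cve) {
  per_process::reverted_cve |= ReversionMask(cve);
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

/// @brief Marks a security fix as reverted, looked up by its label.
/// @param cve   NUL-terminated label, compared exactly against the list.
/// @param error Set to an error message when the label is not in the list;
///              left untouched on success. Must not be null.
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  // Unknown labels are rejected rather than ignored, so a mistyped label
  // cannot silently leave the caller believing a fix was reverted.
  *error = "Error: Attempt to revert an unknown CVE [";
  *error += cve;
  *error += ']';
}

/// @brief Reports whether a security fix has been reverted.
/// @param cve Reversion to query.
/// @return true when the reversion's bit is set in reverted_cve.
inline bool IsReverted(const reversion cve) {
  return (per_process::reverted_cve & ReversionMask(cve)) != 0;
}

/// @brief Reports whether a security fix has been reverted, by label.
/// @param cve NUL-terminated label, compared exactly against the list.
/// @return false for labels that are not in the list.
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node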
#endif // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS |
#endif // SRC_NODE_REVERT_H_ |