From ffed7b6e6699deeca18b15bd5f59b4bc97f612e7 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Wed, 16 Aug 2017 11:46:55 +0200 Subject: [PATCH] src: detect nul bytes in InternalModuleReadFile() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Throw an exception when the path contains nul bytes, don't abort. Fixes: https://github.com/nodejs/node/issues/13787 PR-URL: https://github.com/nodejs/node/pull/14854 Reviewed-By: James M Snell Reviewed-By: Tobias Nießen Reviewed-By: Timothy Gu Reviewed-By: Colin Ihrig Reviewed-By: Anna Henningsen --- src/node_file.cc | 3 +++ test/parallel/test-require-nul.js | 9 +++++++++ 2 files changed, 12 insertions(+) create mode 100644 test/parallel/test-require-nul.js diff --git a/src/node_file.cc b/src/node_file.cc index beaf581afca0ff..9e0553a7a579a0 100644 --- a/src/node_file.cc +++ b/src/node_file.cc @@ -503,6 +503,9 @@ static void InternalModuleReadFile(const FunctionCallbackInfo& args) { CHECK(args[0]->IsString()); node::Utf8Value path(env->isolate(), args[0]); + if (strlen(*path) != path.length()) + return; // Contains a nul byte. + uv_fs_t open_req; const int fd = uv_fs_open(loop, &open_req, *path, O_RDONLY, 0, nullptr); uv_fs_req_cleanup(&open_req); diff --git a/test/parallel/test-require-nul.js b/test/parallel/test-require-nul.js new file mode 100644 index 00000000000000..0c5cb7018d47fc --- /dev/null +++ b/test/parallel/test-require-nul.js @@ -0,0 +1,9 @@ +'use strict'; + +require('../common'); +const assert = require('assert'); + +// Nul bytes should throw, not abort. +assert.throws(() => require('\u0000ab'), /Cannot find module '\u0000ab'/); +assert.throws(() => require('a\u0000b'), /Cannot find module 'a\u0000b'/); +assert.throws(() => require('ab\u0000'), /Cannot find module 'ab\u0000'/);