-
Notifications
You must be signed in to change notification settings - Fork 30.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
null character as first character of path component crashes node #13787
Comments
I can't reproduce this:
|
I suspect it should be
|
I cannot reproduce on Windows 7 x64 with these versions: (click me):>node.4.8.3.v8-4.5.exe -p "require('\u0000abc')"
module.js:327
throw err;
^
Error: Cannot find module '
>node.6.11.0.v8-5.1.exe -p "require('\u0000abc')"
module.js:471
throw err;
^
Error: Cannot find module '
>node.8.0.0.v8-6.0.20170529.canary-base.exe -p "require('\u0000abc')"
module.js:500
throw err;
^
Error: Cannot find module '
>node.8.1.1.v8-5.8.20170613.exe -p "require('\u0000abc')"
module.js:487
throw err;
^
Error: Cannot find module '
>node.9.0.0.v8-5.9.20170618.nightly.exe -p "require('\u0000abc')"
module.js:487
throw err;
^
Error: Cannot find module '
>node.9.0.0.v8-6.1.20170618.v8-canary.exe -p "require('\u0000abc')"
module.js:487
throw err;
^
Error: Cannot find module ' |
I can reproduce on Node v6.10.3 on OS X. $ screenfetch
...
OS: 64bit Mac OS X 10.12.5 16F73
Kernel: x86_64 Darwin 16.6.0
...
$ node -e "require('\u0000abc')"
/Users/michal/.nvm/versions/node/v6.10.3/bin/node[5078]: ../src/node_file.cc:598:void node::InternalModuleReadFile(const FunctionCallbackInfo<v8::Value> &): Assertion `(numchars) >= (0)' failed.
1: node::Abort() [/Users/michal/.nvm/versions/node/v6.10.3/bin/node] |
Null char as the first char as the path component of first argument of require causes a node crash. Ignoring null and all chars after that in require path. Fixes: nodejs#13787
Null char as the first char as the path component of first argument of require causes a node crash. Ignoring null and all chars after that in require path. Fixes: nodejs#13787
@vsemozhetbyt How about this? $ node -e 'require("./\0abc")' |
@charmander I've reverted the quotes as node sees your variant as a string: (click me):>node.4.8.3.v8-4.5.exe -e "require('./\0abc')"
Assertion failed: (numchars) >= (0), file src\node_file.cc, line 492
>node.6.11.0.v8-5.1.exe -e "require('./\0abc')"
node.6.11.0.v8-5.1.exe: src\node_file.cc:598: Assertion `(numchars) >= (0)' failed.
>node.8.0.0.v8-6.0.20170529.canary-base.exe -e "require('./\0abc')"
node.8.0.0.v8-6.0.20170529.canary-base.exe: src\node_file.cc:523: Assertion `(numchars) >= (0)' failed.
>node.8.1.1.v8-5.8.20170613.exe -e "require('./\0abc')"
node.8.1.1.v8-5.8.20170613.exe: src\node_file.cc:527: Assertion `(numchars) >= (0)' failed.
>node.9.0.0.v8-5.9.20170618.nightly.exe -e "require('./\0abc')"
node.9.0.0.v8-5.9.20170618.nightly.exe: src\node_file.cc:527: Assertion `(numchars) >= (0)' failed.
>node.9.0.0.v8-6.1.20170618.v8-canary.exe -e "require('./\0abc')"
node.9.0.0.v8-6.1.20170618.v8-canary.exe: src\node_file.cc:527: Assertion `(numchars) >= (0)' failed. |
Null char as the first char as the path component of first argument of require causes a node crash. Ignoring null and all chars after that in require path. Fixes: nodejs#13787
Null char as the first char as the path component of first argument of require causes a node crash. Ignoring null and all chars after that in require path. Fixes: nodejs#13787
For anyone stumbling upon this issue, in-progress pull request here: #13788 |
There is one more pull requests is here(#8277) |
Still present in v8.4.0! nvm use v6.0.0 |
Throw an exception when the path contains nul bytes, don't abort. Fixes: nodejs#13787
Throw an exception when the path contains nul bytes, don't abort. Fixes: #13787 PR-URL: #14854 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Throw an exception when the path contains nul bytes, don't abort. Fixes: #13787 PR-URL: #14854 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Throw an exception when the path contains nul bytes, don't abort. Fixes: #13787 PR-URL: #14854 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
null character as first character of path component crashes node
require('\u0000abc')
causes node to crash.
This bug was found using fuzzer american fuzzy lop
Edit: Corrected \u0001 to \u0000
The text was updated successfully, but these errors were encountered: