Node.js JavaScript runtime 🐢🚀
 
 
 
 
 
 
Go to file
Ben Noordhuis 2c13cbbc0b crypto: fix uninitialized memory access in openssl
ASN1_STRING_to_UTF8() passes an ASN1_STRING to ASN1_STRING_set() but forgot to
initialize the `length` field.

Fixes the following valgrind error:

  $ valgrind -q --track-origins=yes --num-callers=19 \
      out/Debug/node test/simple/test-tls-client-abort.js
  ==2690== Conditional jump or move depends on uninitialised value(s)
  ==2690==    at 0x784B69: ASN1_STRING_set (asn1_lib.c:382)
  ==2690==    by 0x809564: ASN1_mbstring_ncopy (a_mbstr.c:204)
  ==2690==    by 0x8090F0: ASN1_mbstring_copy (a_mbstr.c:86)
  ==2690==    by 0x782F1F: ASN1_STRING_to_UTF8 (a_strex.c:570)
  ==2690==    by 0x78F090: asn1_string_canon (x_name.c:409)
  ==2690==    by 0x78EF17: x509_name_canon (x_name.c:354)
  ==2690==    by 0x78EA7D: x509_name_ex_d2i (x_name.c:210)
  ==2690==    by 0x788058: ASN1_item_ex_d2i (tasn_dec.c:239)
  ==2690==    by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
  ==2690==    by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
  ==2690==    by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
  ==2690==    by 0x7890D4: asn1_template_noexp_d2i (tasn_dec.c:746)
  ==2690==    by 0x788CB6: asn1_template_ex_d2i (tasn_dec.c:607)
  ==2690==    by 0x78877A: ASN1_item_ex_d2i (tasn_dec.c:448)
  ==2690==    by 0x787C93: ASN1_item_d2i (tasn_dec.c:136)
  ==2690==    by 0x78F5E4: d2i_X509 (x_x509.c:141)
  ==2690==    by 0x7C9B91: PEM_ASN1_read_bio (pem_oth.c:81)
  ==2690==    by 0x7CA506: PEM_read_bio_X509 (pem_x509.c:67)
  ==2690==    by 0x703C9A: node::crypto::SecureContext::AddRootCerts(v8::Arguments const&) (node_crypto.cc:497)
  ==2690==  Uninitialised value was created by a stack allocation
  ==2690==    at 0x782E89: ASN1_STRING_to_UTF8 (a_strex.c:560)
2012-08-15 02:15:47 +02:00
benchmark benchmark: add single process tls connection benchmark 2012-07-14 01:43:34 +02:00
deps crypto: fix uninitialized memory access in openssl 2012-08-15 02:15:47 +02:00
doc doc: remove unused util from child_process 2012-08-12 00:08:43 +02:00
lib tls: handle multiple CN fields when verifying cert 2012-08-12 21:48:26 +02:00
src buffer, crypto: fix buffer decoding 2012-08-14 23:00:09 +02:00
test test: raise pummel/test-net-throttle write req size 2012-08-14 23:11:28 +02:00
tools Makefile: add a better check to ensure a node "release" 2012-08-09 17:11:41 -07:00
.gitattributes Explicitly disable cr/lf conversion for test fixtures 2011-08-10 19:59:37 +02:00
.gitignore .gitignore: Don't ignore node_modules (breaks npm) 2012-07-10 16:16:43 -07:00
.mailmap Add a .mailmap file, and clean up AUTHORS somewhat 2012-07-09 16:55:09 +02:00
.travis.yml test: add `.travis.yml` for testing on Travis CI 2011-12-05 16:50:55 -08:00
AUTHORS 2012.08.07, Version 0.8.6 (Stable) 2012-08-07 11:56:58 -07:00
BSDmakefile Tell BSD users to run `gmake` instead. 2011-07-11 14:17:23 +02:00
ChangeLog 2012.08.07, Version 0.8.6 (Stable) 2012-08-07 11:56:58 -07:00
LICENSE Update npm's license 2012-06-18 18:08:45 -07:00
Makefile Makefile: add a better check to ensure a node "release" 2012-08-09 17:11:41 -07:00
README.md doc: build requires GNU make 3.81+ 2012-07-18 14:23:39 +02:00
common.gypi build: compile with -fno-tree-vrp when gcc >= 4.0 2012-08-13 15:33:27 +02:00
configure build: compile with -fno-tree-vrp when gcc >= 4.0 2012-08-13 15:33:27 +02:00
node.gyp always link sunos builds with libumem 2012-07-27 11:03:26 -07:00
vcbuild.bat vcbuild.bat: add duplicate arg-ok label to work around cmd.exe bug 2012-06-14 00:56:43 +02:00

README.md

Evented I/O for V8 javascript. Build Status

To build:

Unix/Macintosh. Requires python 2.6 or 2.7 and GNU make 3.81 or newer:

./configure
make
make install

Windows:

vcbuild.bat

To run the tests:

Unix/Macintosh:

make test

Windows:

vcbuild.bat test

To build the documentation:

make doc

To read the documentation:

man doc/node.1

Resources for Newcomers