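#ifndef SRC_NODE_REVERT_H_
#define SRC_NODE_REVERT_H_

#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

#include "node.h"

// Included directly because this header calls std::printf and std::strcmp
// and names std::string; it should not depend on node.h pulling them in.
#include <cstdio>
#include <cstring>
#include <string>

/**
 * Note that it is expected for this list to vary across specific LTS and
 * Stable versions! Only CVEs whose fixes require *breaking* changes within
 * a given LTS or Stable may be added to this list, and only with TSC
 * consensus.
 *
 * For *master* this list should always be empty!
 *
 * Security note: every entry names a fix that can be switched off again at
 * run time. Code that implements such a fix is expected to consult
 * IsReverted() before applying it; those call sites are not in this header.
 * In Node.js the request normally arrives through the --security-revert
 * option, whose parsing also lives outside this header, so a process started
 * with that option runs with the listed weakness re-enabled.
 **/
namespace node {

// X-macro table of revertible fixes. Each entry is
//   XX(code, label, msg)
// where `code` becomes the enumerator suffix, `label` is the exact string
// matched by the const char* overloads below, and `msg` is the description
// appended to the label in the warning text.
#define SECURITY_REVERSIONS(XX)                                               \
  XX(CVE_2023_46809, "CVE-2023-46809", "Marvin attack on PKCS#1 padding")

// One enumerator per table entry, numbered from 0 in table order. The value
// doubles as the bit index inside per_process::reverted_cve, so the table
// must stay smaller than the bit width of unsigned int.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

namespace per_process {
// Bitmask of applied reversions: bit N is set once Revert() has been called
// for the enumerator with value N. Declared here, defined elsewhere.
extern unsigned int reverted_cve;
}

#ifdef _MSC_VER
#pragma warning(push)
// MSVC C4065: switch statement contains 'default' but no 'case' labels
// (happens on branches where the reversion table is empty).
#pragma warning(disable : 4065)
#endif

// Returns the human-readable "<label>: <msg>" text for a reversion, or
// "Unknown" when the value does not correspond to a table entry. The result
// is a string literal and must not be freed.
inline const char* RevertMessage(const reversion cve) {
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

#ifdef _MSC_VER
#pragma warning(pop)
#endif

// Marks the given fix as reverted for the whole process and prints a
// "SECURITY WARNING" line to stdout. There is no counterpart that clears the
// bit again in this header.
inline void Revert(const reversion cve) {
  // 1u keeps the shift unsigned, matching the type of the mask; the previous
  // signed `1 << cve` would be undefined for the highest bit.
  per_process::reverted_cve |= 1u << cve;
  std::printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

// Looks `cve` up by its exact label (case-sensitive strcmp against the table)
// and reverts it. When no label matches, nothing is reverted and *error is
// set to a message naming the rejected value; on success *error is left
// untouched. Both pointers are dereferenced without a null check, so callers
// must pass valid pointers.
inline void Revert(const char* cve, std::string* error) {
#define V(code, label, _)                                                     \
  if (std::strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  *error = "Error: Attempt to revert an unknown CVE [";
  *error += cve;
  *error += ']';
}

// True when Revert() has been called for this reversion in the current
// process.
inline bool IsReverted(const reversion cve) {
  return (per_process::reverted_cve & (1u << cve)) != 0;
}

// String form of IsReverted(): matches `cve` against the table labels and
// returns false for any label that is not in the table. `cve` must be a
// valid, NUL-terminated string.
inline bool IsReverted(const char* cve) {
#define V(code, label, _)                                                     \
  if (std::strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node

#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS

#endif  // SRC_NODE_REVERT_H_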