1#ifndef SRC_NODE_REVERT_H_
2#define SRC_NODE_REVERT_H_
3
4#if defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
5
6#include "node.h"
7
/**
 * Note that this list is expected to vary across specific LTS and
 * Stable versions! Only CVEs whose fixes require *breaking* changes within
 * a given LTS or Stable may be added to this list, and only with TSC
 * consensus.
 *
 * For *master* this list should always be empty!
 **/
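namespace node {

// X-macro listing every security fix that this release line allows to be
// switched off again. Each entry is XX(code, label, description):
//   code        -> enumerator SECURITY_REVERT_<code>
//   label       -> string matched by the const char* overloads below
//   description -> appended to the label by RevertMessage()
// Adding an entry makes a known-vulnerable code path selectable at runtime,
// so the list should stay as short as the policy above permits.
#define SECURITY_REVERSIONS(XX)                                                \
  XX(CVE_2023_46809, "CVE-2023-46809", "Marvin attack on PKCS#1 padding")

// One enumerator per SECURITY_REVERSIONS entry. The enumerator value doubles
// as the bit index used in per_process::reverted_cve.
enum reversion {
#define V(code, ...) SECURITY_REVERT_##code,
  SECURITY_REVERSIONS(V)
#undef V
};

// Each enumerator is shifted into an unsigned int mask, so the list must not
// outgrow that mask; otherwise the shift would be undefined and a revert flag
// could silently fail to register. (Assumes 8-bit bytes.)
#define V(...) +1
static_assert((0u SECURITY_REVERSIONS(V)) <= sizeof(unsigned int) * 8,
              "too many SECURITY_REVERSIONS entries for the reverted_cve mask");
#undef V

namespace per_process {
// Process-wide bitmask of reverted fixes; bit N corresponds to the
// `reversion` enumerator with value N. Defined outside this header.
extern unsigned int reverted_cve;
}

#ifdef _MSC_VER
#pragma warning(push)
// MSVC C4065: switch statement contains 'default' but no 'case' labels
#pragma warning(disable : 4065)
#endif

/// @brief Returns the human-readable "<label>: <description>" text for a
///        reversion.
/// @param cve The reversion to describe.
/// @return A string literal with static storage duration, or "Unknown" when
///         `cve` does not match any SECURITY_REVERSIONS entry.
inline const char* RevertMessage(const reversion cve) {
  // The preprocessor concatenates the label, ": " and the description into a
  // single string literal per case.
#define V(code, label, msg) case SECURITY_REVERT_##code: return label ": " msg;
  switch (cve) {
    SECURITY_REVERSIONS(V)
    default:
      return "Unknown";
  }
#undef V
}

#ifdef _MSC_VER
#pragma warning(pop)
#endif

/// @brief Marks the security fix identified by `cve` as reverted for the
///        whole process and prints a warning to stdout.
///
/// Nothing in this header clears a bit once it is set, and the update is a
/// plain (non-atomic) read-modify-write of per_process::reverted_cve.
/// @param cve The reversion to enable.
inline void Revert(const reversion cve) {
  // Shift an unsigned 1 so the operation stays in unsigned arithmetic and
  // matches the type of the mask.
  per_process::reverted_cve |= 1u << cve;
  printf("SECURITY WARNING: Reverting %s\n", RevertMessage(cve));
}

/// @brief Looks up `cve` by label (e.g. "CVE-2023-46809") and reverts it.
/// @param cve   NUL-terminated label to match exactly; a null pointer is
///              treated as an unknown label.
/// @param error Must be non-null. Written only when no label matches; left
///              untouched on success.
inline void Revert(const char* cve, std::string* error) {
  if (cve != nullptr) {
#define V(code, label, _)                                                     \
    if (strcmp(cve, label) == 0) return Revert(SECURITY_REVERT_##code);
    SECURITY_REVERSIONS(V)
#undef V
  }
  // No entry matched: report the rejected label instead of silently ignoring
  // the request.
  *error = "Error: Attempt to revert an unknown CVE [";
  if (cve != nullptr) *error += cve;
  *error += ']';
}

/// @brief Reports whether the fix identified by `cve` has been reverted.
/// @param cve The reversion to query.
/// @return true if the corresponding bit is set in
///         per_process::reverted_cve.
inline bool IsReverted(const reversion cve) {
  return (per_process::reverted_cve & (1u << cve)) != 0;
}

/// @brief Label-based variant of IsReverted().
/// @param cve NUL-terminated label to match exactly; may be null.
/// @return false for a null or unknown label, otherwise the state of the
///         matching reversion.
inline bool IsReverted(const char* cve) {
  if (cve == nullptr) return false;
#define V(code, label, _)                                                     \
  if (strcmp(cve, label) == 0) return IsReverted(SECURITY_REVERT_##code);
  SECURITY_REVERSIONS(V)
#undef V
  return false;
}

}  // namespace node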
79
80#endif  // defined(NODE_WANT_INTERNALS) && NODE_WANT_INTERNALS
81
82#endif  // SRC_NODE_REVERT_H_
83