Skip to content

Illegal access crash from if-modified-since header#179

Merged
jfhbrook merged 3 commits into
masterfrom
unknown repository
Dec 22, 2015
Merged

Illegal access crash from if-modified-since header#179
jfhbrook merged 3 commits into
masterfrom
unknown repository

Conversation

@ghost

@ghost ghost commented Dec 22, 2015

Copy link
Copy Markdown

node inherits a bug from v8 where some dates raise exceptions instead of returning an Invalid Date object:

$ node
> new Date('275760-09-12')
Fri Sep 12 275760 00:00:00 GMT-0400 (EDT)
> new Date('275760-09-13')
Invalid Date
> new Date('275760-09-23')
Invalid Date
> new Date('275760-09-24')
illegal access
> new Date('275760-10-13')
illegal access
> new Date('275760-10-14')
Invalid Date
> ^D
$ node -v
v4.2.1

Knowing this, it's possible to crash ecstatic by sending a malicious If-Modified-Since header:

$ mkdir /tmp/xyz
$ echo '<h1>doot doot</h1>' > /tmp/xyz/index.html
$ ecstatic -p 5000 /tmp/xyz &
[1] 11994
$ curl -H if-modified-since:275760-09-24 http://localhost:5000/index.html

/home/substack/projects/node-ecstatic/lib/ecstatic.js:280
      if (modifiedSince && (new Date(Date.parse(modifiedSince))) < stat.mtime) {
                                          ^
illegal access
curl: (52) Empty reply from server
[1]+  Exit 1                  ecstatic -p 5000 /tmp/xyz

This patch guards the Date instance with a try/catch to prevent these v8 bugs from bringing down ecstatic.

@ghost

ghost commented Dec 22, 2015

Copy link
Copy Markdown
Author

I submitted this bug upstream to v8: https://bugs.chromium.org/p/v8/issues/detail?id=4640

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant