Illegal access crash from if-modified-since header #179

Merged
merged 3 commits into from Dec 22, 2015

@ghost ghost commented Dec 22, 2015

node inherits a bug from v8 where some dates raise exceptions instead of returning an Invalid Date object:

$ node
> new Date('275760-09-12')
Fri Sep 12 275760 00:00:00 GMT-0400 (EDT)
> new Date('275760-09-13')
Invalid Date
> new Date('275760-09-23')
Invalid Date
> new Date('275760-09-24')
illegal access
> new Date('275760-10-13')
illegal access
> new Date('275760-10-14')
Invalid Date
> ^D
$ node -v
v4.2.1

Knowing this, it's possible to crash ecstatic by sending a malicious If-Modified-Since header:

$ mkdir /tmp/xyz
$ echo '<h1>doot doot</h1>' > /tmp/xyz/index.html
$ ecstatic -p 5000 /tmp/xyz &
[1] 11994
$ curl -H if-modified-since:275760-09-24 http://localhost:5000/index.html

/home/substack/projects/node-ecstatic/lib/ecstatic.js:280
      if (modifiedSince && (new Date(Date.parse(modifiedSince))) < stat.mtime) {
                                          ^
illegal access
curl: (52) Empty reply from server
[1]+  Exit 1                  ecstatic -p 5000 /tmp/xyz

This patch guards the Date instance with a try/catch to prevent these v8 bugs from bringing down ecstatic.
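An added example, not code from this pull request or from ecstatic: a sketch of the guard described above, where a header date that fails to parse or makes the parser throw is treated as if the header were absent. The names `parseHttpDate`, `isModifiedSince` and `throwingParse` are hypothetical, and `throwingParse` is a constructed stand-in for the affected v8 behaviour so the guard can be exercised on a current Node.

```javascript
// Returns a Date for the header value, or null when the header is missing,
// unparseable, or the parser itself throws.
function parseHttpDate(value, parse = Date.parse) {
  if (typeof value !== 'string' || value.length === 0) return null;
  let ms;
  try {
    ms = parse(value);
  } catch (err) {
    // The affected v8 raised "illegal access" here instead of returning NaN.
    return null;
  }
  if (!Number.isFinite(ms)) return null;
  const d = new Date(ms);
  // Finite but out-of-range millisecond values still yield an Invalid Date.
  return Number.isNaN(d.getTime()) ? null : d;
}

// True when the file changed after the client's If-Modified-Since date, or
// when the header cannot be trusted; the caller then serves the full body.
function isModifiedSince(headerValue, mtime, parse = Date.parse) {
  const since = parseHttpDate(headerValue, parse);
  if (since === null) return true;
  return since.getTime() < mtime.getTime();
}

// Constructed stand-in for the buggy parser: throws for one of the dates
// listed in the report, otherwise defers to Date.parse.
function throwingParse(value) {
  if (value === '275760-09-24') throw new Error('illegal access');
  return Date.parse(value);
}

// Constructed sample: file mtime and three header values.
const sampleMtime = new Date('2015-12-22T00:00:00Z');
for (const header of ['275760-09-24', 'Tue, 22 Dec 2015 12:00:00 GMT', 'garbage']) {
  console.log(header, '->', isModifiedSince(header, sampleMtime, throwingParse));
}
```

Ignoring an unusable conditional header and sending the full response keeps a single request from terminating the process.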


ghost commented Dec 22, 2015

I submitted this bug upstream to v8: https://bugs.chromium.org/p/v8/issues/detail?id=4640
