From 0179c6dc8f893b684dba4bf0996d2d6abf155ac5 Mon Sep 17 00:00:00 2001
From: Antoine du Hamel <duhamelantoine1995@gmail.com>
Date: Wed, 23 Aug 2023 11:06:51 +0200
Subject: [PATCH] worker: protect against user mutating well-known prototypes

PR-URL: https://github.com/nodejs/node/pull/49270
Fixes: https://github.com/nodejs/node/issues/49259
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
---
 lib/internal/worker/io.js                    | 9 +++++----
 test/parallel/test-worker-message-channel.js | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/lib/internal/worker/io.js b/lib/internal/worker/io.js
index f3dce214c8a5c1..6f4348f11d2ddb 100644
--- a/lib/internal/worker/io.js
+++ b/lib/internal/worker/io.js
@@ -22,6 +22,7 @@ const {
 const {
   kEmptyObject,
   kEnumerableProperty,
+  setOwnProperty,
 } = require('internal/util');
 
 const {
@@ -302,15 +303,15 @@ function setupPortReferencing(port, eventEmitter, eventName) {
     if (name === eventName) removeListener(eventEmitter.listenerCount(name));
   });
   const origNewListener = eventEmitter[kNewListener];
-  eventEmitter[kNewListener] = function(size, type, ...args) {
+  setOwnProperty(eventEmitter, kNewListener, function(size, type, ...args) {
     if (type === eventName) newListener(size - 1);
     return ReflectApply(origNewListener, this, arguments);
-  };
+  });
   const origRemoveListener = eventEmitter[kRemoveListener];
-  eventEmitter[kRemoveListener] = function(size, type, ...args) {
+  setOwnProperty(eventEmitter, kRemoveListener, function(size, type, ...args) {
     if (type === eventName) removeListener(size);
     return ReflectApply(origRemoveListener, this, arguments);
-  };
+  });
 
   function newListener(size) {
     if (size === 0) {
diff --git a/test/parallel/test-worker-message-channel.js b/test/parallel/test-worker-message-channel.js
index 8f66ef87e6e3d4..1d7550753932e7 100644
--- a/test/parallel/test-worker-message-channel.js
+++ b/test/parallel/test-worker-message-channel.js
@@ -3,6 +3,9 @@ const common = require('../common');
 const assert = require('assert');
 const { MessageChannel, MessagePort, Worker } = require('worker_threads');
 
+// Asserts that freezing the EventTarget prototype does not make the internal throw.
+Object.freeze(EventTarget.prototype);
+
 {
   const channel = new MessageChannel();