fix: oob string read when parsing node_options (#46247)

* fix: oob string read when parsing node_options

Co-authored-by: deepak1556 <hop2deep@gmail.com>

* chore: re-enable test

Co-authored-by: deepak1556 <hop2deep@gmail.com>

* fix: missing linux server env for tests

Co-authored-by: deepak1556 <hop2deep@gmail.com>

---------

Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com>
Co-authored-by: deepak1556 <hop2deep@gmail.com>
trop[bot] 2025-03-25 08:14:33 -05:00 committed by GitHub
parent 7ee88bbdcb
commit 6f3c9fcf99
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
7 changed files with 51 additions and 9 deletions


@ -394,6 +394,7 @@ void SetNodeOptions(base::Environment* env) {
if (env->HasVar("NODE_OPTIONS")) {
if (electron::fuses::IsNodeOptionsEnabled()) {
std::string options;
std::string result_options;
env->GetVar("NODE_OPTIONS", &options);
const std::vector<std::string_view> parts = base::SplitStringPiece(
options, " ", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
@ -408,18 +409,20 @@ void SetNodeOptions(base::Environment* env) {
// Explicitly disallow majority of NODE_OPTIONS in packaged apps
LOG(ERROR) << "Most NODE_OPTIONs are not supported in packaged apps."
<< " See documentation for more details.";
options.erase(options.find(option), part.length());
continue;
} else if (disallowed.contains(option)) {
// Remove NODE_OPTIONS specifically disallowed for use in Node.js
// through Electron owing to constraints like BoringSSL.
LOG(ERROR) << "The NODE_OPTION " << option
<< " is not supported in Electron";
options.erase(options.find(option), part.length());
continue;
}
result_options.append(part);
result_options.append(" ");
}
// overwrite new NODE_OPTIONS without unsupported variables
env->SetVar("NODE_OPTIONS", options);
env->SetVar("NODE_OPTIONS", result_options);
} else {
LOG(WARNING) << "NODE_OPTIONS ignored due to disabled nodeOptions fuse.";
env->UnSetVar("NODE_OPTIONS");
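Review bot: The safety of this fix rests on an invariant the new code never states: `parts` holds `std::string_view`s into `options`, so the loop is only sound while `options` is left unmodified, which is what the removed `options.erase(...)` calls appear to have violated. A comment next to the split, such as `// parts are views into options; never modify options while iterating, build result_options instead`, would keep a later edit from reintroducing the stale-view read. Separately, `result_options` always ends in a trailing space and is empty when every option is rejected, so NODE_OPTIONS stays defined but empty; if that is not intended, `if (result_options.empty()) env->UnSetVar("NODE_OPTIONS"); else env->SetVar("NODE_OPTIONS", result_options);` would cover it. SetNodeOptions starts and ends outside these hunks, and the lines that derive `option` from `part` sit between them and are not visible, so the filtering logic itself is not reviewed here.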