Skip to content

Commit

Permalink
worker: protect against user mutating well-known prototypes
Browse files Browse the repository at this point in the history
PR-URL: #49270
Fixes: #49259
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Matthew Aitken <maitken033380023@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
  • Loading branch information
aduh95 authored and targos committed Nov 26, 2023
1 parent 155a275 commit 879b958
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
9 changes: 5 additions & 4 deletions lib/internal/worker/io.js
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ const {
const {
kEmptyObject,
kEnumerableProperty,
setOwnProperty,
} = require('internal/util');

const {
Expand Down Expand Up @@ -302,15 +303,15 @@ function setupPortReferencing(port, eventEmitter, eventName) {
if (name === eventName) removeListener(eventEmitter.listenerCount(name));
});
const origNewListener = eventEmitter[kNewListener];
eventEmitter[kNewListener] = function(size, type, ...args) {
setOwnProperty(eventEmitter, kNewListener, function(size, type, ...args) {
if (type === eventName) newListener(size - 1);
return ReflectApply(origNewListener, this, arguments);
};
});
const origRemoveListener = eventEmitter[kRemoveListener];
eventEmitter[kRemoveListener] = function(size, type, ...args) {
setOwnProperty(eventEmitter, kRemoveListener, function(size, type, ...args) {
if (type === eventName) removeListener(size);
return ReflectApply(origRemoveListener, this, arguments);
};
});

function newListener(size) {
if (size === 0) {
Expand Down
3 changes: 3 additions & 0 deletions test/parallel/test-worker-message-channel.js
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,9 @@ const common = require('../common');
const assert = require('assert');
const { MessageChannel, MessagePort, Worker } = require('worker_threads');

// Asserts that freezing the EventTarget prototype does not make the internal throw.
Object.freeze(EventTarget.prototype);

{
const channel = new MessageChannel();

Expand Down

0 comments on commit 879b958

Please sign in to comment.