path: fix win32 relative() when "to" is a prefix #5456
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@mscdex I'm not sure about UNC paths, which the tests are currently lacking Edit: yeah, my change appears to break |
|
UNC paths should work just as well, it would probably be good to add at least a test for that too. Also it might be good to add a test with reversed inputs: |
| if (fromLen > length) { | ||
| if (from.charCodeAt(fromStart + i) === 92/*\*/) { | ||
| // We get here if `to` is the exact base path for `from`. | ||
| // For example: from:='C:\\foo\\bar'; to='C:\\foo' |
|
Discrepancy in EDIT: Also omsmith bit-buster | Fri Feb 26 at 15:24:10
/home/omsmith ~ node -v
v5.7.0
omsmith bit-buster | Fri Feb 26 at 15:24:16
/home/omsmith ~ node
> path.win32.normalize('\\\\foo\\bar')
'\\\\foo\\bar\\'
> path.win32.normalize('\\\\foo\\bar\\baz')
'\\\\foo\\bar\\baz' |
|
Yeah, I think for --- /tmp/H9mE2i_path.js
+++ /home/mscdex/git/node/lib/path.js
@@ -586,6 +586,10 @@
break;
}
var fromEnd = from.length;
+ for (; fromEnd - 1 > fromStart; --fromEnd) {
+ if (from.charCodeAt(fromEnd - 1) !== 92/*\*/)
+ break;
+ }
var fromLen = (fromEnd - fromStart);
// Trim any leading backslashes
@@ -595,6 +599,10 @@
break;
}
var toEnd = to.length;
+ for (; toEnd - 1 > toStart; --toEnd) {
+ if (to.charCodeAt(toEnd - 1) !== 92/*\*/)
+ break;
+ }
var toLen = (toEnd - toStart);
// Compare paths to find the longest common path from root
@@ -648,12 +656,12 @@
// Lastly, append the rest of the destination (`to`) path that comes after
// the common path parts
if (out.length > 0)
- return out + toOrig.slice(toStart + lastCommonSep);
+ return out + toOrig.slice(toStart + lastCommonSep, toEnd);
else {
toStart += lastCommonSep;
if (toOrig.charCodeAt(toStart) === 92/*\*/)
++toStart;
- return toOrig.slice(toStart);
+ return toOrig.slice(toStart, toEnd);
}
}, |
|
That fixes it, will get the PR updated |
omsmith
force-pushed
the
path-win32-fix-relative
branch
from
305c2cb
to
e52f14e
Compare
|
Ping @mscdex |
| @@ -586,6 +586,10 @@ const win32 = { | |||
| break; | |||
| } | |||
| var fromEnd = from.length; | |||
| for (; fromEnd - 1 > fromStart; --fromEnd) { | |||
There was a problem hiding this comment.
I forgot to add a comment here and for the other loop below for completeness. If you could, just add something like "Trim trailing slashes (applicable to UNC paths only)".
omsmith
force-pushed
the
path-win32-fix-relative
branch
from
e52f14e
to
f340451
Compare
|
CI is all green. LGTM |
|
LGTM |
|
@omsmith need a rebase! |
when the basename of "to" was a prefix of the basename of "from" win32 relative() would miss including it in the result Fixes nodejs#5447
win32 normalize() will output a trailing '\' for some UNC paths. trim them before processing Change by @mscdex Add basic UNC path tests to win32 relative()
adds posix test cases for paths similar to those that caused nodejs#5447
omsmith
force-pushed
the
path-win32-fix-relative
branch
from
f340451
to
e3f3679
Compare
|
@silverwind done. only conflict was in path.posix. |
silverwind
pushed a commit
that referenced
this pull request
Feb 27, 2016
when the basename of "to" was a prefix of the basename of "from" win32 relative() would miss including it in the result Fixes: #5447 PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
silverwind
pushed a commit
that referenced
this pull request
Feb 27, 2016
win32 normalize() will output a trailing '\' for some UNC paths. trim them before processing Change by @mscdex Add basic UNC path tests to win32 relative() PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
silverwind
pushed a commit
that referenced
this pull request
Feb 27, 2016
adds posix test cases for paths similar to those that caused #5447 PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
rvagg
pushed a commit
that referenced
this pull request
Feb 28, 2016
when the basename of "to" was a prefix of the basename of "from" win32 relative() would miss including it in the result Fixes: #5447 PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
rvagg
pushed a commit
that referenced
this pull request
Feb 28, 2016
win32 normalize() will output a trailing '\' for some UNC paths. trim them before processing Change by @mscdex Add basic UNC path tests to win32 relative() PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
rvagg
pushed a commit
that referenced
this pull request
Feb 28, 2016
adds posix test cases for paths similar to those that caused #5447 PR-URL: #5456 Reviewed-By: Brian White <[email protected]> Reviewed-By: Roman Reiss <[email protected]>
|
@mscdex ... is this relevant for v4? |
|
@jasnell This is only relevant if my original path perf PR is landed. |
Fishrock123
added a commit
that referenced
this pull request
Mar 2, 2016
Notable changes: * governance: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda). * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) #5507 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 * Fixed several regressions that appeared in v5.7.0: - path.relative(): - Output is no longer unnecessarily verbose (Brian White) #5389 - Resolving UNC paths on Windows now works correctly (Owen Smith) #5456 - Resolving paths with prefixes now works correctly from the root directory (Owen Smith) #5490 - url: Fixed an off-by-one error with `parse()` (Brian White) #5394 - dgram: Now correctly handles a default address case when offset and length are specified (Matteo Collina) #5407 PR-URL: #5464
Fishrock123
added a commit
to Fishrock123/node
that referenced
this pull request
Mar 2, 2016
Notable changes: * governance: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda). * openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) nodejs#5507 - Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0705 - Fix a defect that can cause memory corruption in certain very rare cases relating to the internal `BN_hex2bn()` and `BN_dec2bn()` functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are _unlikely_ to be possible. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0797 - Fix a defect that makes the CacheBleed Attack (https://ssrg.nicta.com.au/projects/TS/cachebleed/) possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at https://www.openssl.org/news/vulnerabilities.html#2016-0702 * Fixed several regressions that appeared in v5.7.0: - path.relative(): - Output is no longer unnecessarily verbose (Brian White) nodejs#5389 - Resolving UNC paths on Windows now works correctly (Owen Smith) nodejs#5456 - Resolving paths with prefixes now works correctly from the root directory (Owen Smith) nodejs#5490 - url: Fixed an off-by-one error with `parse()` (Brian White) nodejs#5394 - dgram: Now correctly handles a default address case when offset and length are specified (Matteo Collina) nodejs#5407 PR-URL: nodejs#5464
|
Adding a dont-land-on-v4.x flag as I do not believe we will be landing the path fixes |
|
@thealphanerd if we end up landing the |
|
@rvagg this was an exact problem that we dealt with in the past... I'm spacing on the regression, but we ended up missing one and that caused some nastiness to affect v4 This was my reasoning for setting the path changes to dont-land to begin with. Perhaps we need to make a new tool + meta data (such as fixes-regresssion-from:) to make it easier to keep track of this stuff moving forward |
|
I'm thinking that we need a way of tracking Refs between PRs via additional metdata. Something like a |
|
@thealphanerd ... curious why the lts-watch was added and the dont-land was removed immediately after you added the dont land. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request check-list
Please make sure to review and check all of these items:
make -j8 test(UNIX) orvcbuild test nosign(Windows) pass withthis change (including linting)?
make -j8 testvcbuild test nosigntest (or a benchmark) included?
Is a documentation update included (if this change modifiesexisting APIs, or introduces new ones)?
NOTE: these things are not required to open a PR and can be done
afterwards / while the PR is open.
Affected core subsystem(s)
Please provide affected core subsystem(s) (like buffer, cluster, crypto, etc)
Description of change
Please provide a description of the change here.
when the basename of "to" was a prefix of the basename of "from" win32
relative() would miss including it in the result
Fixes #5447
R=@mscdex