From 5f1d6d523d54bbc2ba1da31b260900c27b2c6d9f Mon Sep 17 00:00:00 2001 From: jrtechs Date: Mon, 10 Dec 2018 18:23:37 -0500 Subject: [PATCH] Fixed potential memory overflow attack via the cache system. --- includes/includes.js | 2 +- posts/category.js | 2 +- posts/posts.js | 7 ++-- posts/renderBatchOfPreviewes.js | 4 +-- posts/renderNextBar.js | 59 +++++++++++++++++++-------------- sites/blog.js | 18 +++++++--- sites/projects.js | 3 -- 7 files changed, 53 insertions(+), 42 deletions(-) diff --git a/includes/includes.js b/includes/includes.js index 33cb075..0133b7e 100644 --- a/includes/includes.js +++ b/includes/includes.js @@ -50,9 +50,9 @@ const sendCachedContent = function(path, type, result) 'Vary': 'Accept-Encoding'}); result.write(content); result.end(); - cache.put(path, content); }).catch(function(error) { + cache.del(path); console.log(error); }); } diff --git a/posts/category.js b/posts/category.js index fb8e8e9..28778a2 100644 --- a/posts/category.js +++ b/posts/category.js @@ -31,7 +31,7 @@ const renderPosts = function(resultURL, page) } else { - return utils.print404(); + reject("Page Not Found"); } }; diff --git a/posts/posts.js b/posts/posts.js index 8e28372..3f32e38 100644 --- a/posts/posts.js +++ b/posts/posts.js @@ -30,7 +30,7 @@ const renderPost = function(requestURL) } else { - return utils.print404(); + reject("Page Not Found"); } }).then(function(html) { @@ -42,10 +42,7 @@ const renderPost = function(requestURL) } else { - utils.print404().then(function(html) - { - resolve("
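Review bot: The new catch handler in sendCachedContent never ends the response: after `cache.del(path)` and `console.log(error)` nothing calls `result.end()`, so a request whose content read fails stays open until the client gives up, and each such request holds its socket and closures for that long. Closing it with an error status, `if (!result.headersSent) result.writeHead(404); result.end();`, releases the connection on the failure path (the `headersSent` guard matters because the same catch also receives errors thrown after the `writeHead` in the then-branch). With `cache.put(path, content)` removed from the success path this function no longer populates the cache at all; if the put moved to the caller that is fine, but if not, the only cache operation left here is the delete. sendCachedContent begins outside the hunk.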
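Review bot: `reject("Page Not Found")` rejects with a bare string, so the error arrives in the catch in sites/blog.js with no stack trace and no type to test; the same pattern appears in both posts/posts.js hunks and in posts/renderNextBar.js (`reject("Invalid Page")`). Rejecting with an Error, `reject(new Error("Page Not Found"));`, keeps the origin in the log, and giving it a `name` or `code` would let the caller tell a missing page from a read failure rather than answering every rejection with the 404 page. Where statements follow the reject, a `return reject(...)` also stops the rest of the branch from running. renderPosts begins outside the hunk.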
" + html + "
"); - }); + reject("Page Not Found"); } }); }; diff --git a/posts/renderBatchOfPreviewes.js b/posts/renderBatchOfPreviewes.js index b81492d..bcdd1e3 100644 --- a/posts/renderBatchOfPreviewes.js +++ b/posts/renderBatchOfPreviewes.js @@ -17,9 +17,9 @@ module.exports= { currentPage = Number(currentPage); } + return new Promise(function(resolve, reject) { - const promises = []; for(var i = (currentPage-1) * numOfPosts; i < (currentPage-1) * numOfPosts + numOfPosts; i++) { @@ -33,7 +33,7 @@ module.exports= res(html); }).catch(function(error) { - rej(error); + reject(error) }) })); } diff --git a/posts/renderNextBar.js b/posts/renderNextBar.js index 5bef905..7b96d3b 100644 --- a/posts/renderNextBar.js +++ b/posts/renderNextBar.js @@ -1,38 +1,47 @@ const isValidPage = function(page, postsPerPage, totalPosts) { - return (!(page === 0 || page -1 >= totalPosts/postsPerPage)); + return !(page === 0 || page -1 >= totalPosts/postsPerPage); }; - module.exports= { main: function(baseURL, currentPage, postsPerPage, totalPosts) { - var nextPage = currentPage + 1; - var previousPage = currentPage - 1; + return new Promise(function(resolve, reject) + { - var olderPosts = ""; - var newerPosts = ""; + if(!isValidPage(currentPage, postsPerPage, totalPosts)) + { + reject("Invalid Page"); + } - if (isValidPage(previousPage, postsPerPage, totalPosts)) - { - newerPosts = ""; - } + var nextPage = currentPage + 1; + var previousPage = currentPage - 1; + + var olderPosts = ""; + var newerPosts = ""; + + if (isValidPage(previousPage, postsPerPage, totalPosts)) + { + newerPosts = ""; + } + + if (isValidPage(nextPage, postsPerPage, totalPosts)) + { + olderPosts = ""; + } + + resolve("
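Review bot: Replacing `rej(error)` with `reject(error)` in the inner catch settles the outer promise but leaves the inner one in `promises` pending forever, so any `Promise.all(promises)` over them (which would be outside this hunk) never settles and keeps its closures alive; either call both, `rej(error); reject(error);`, or keep `rej(error);` and let the aggregate propagate the failure. The hunk also removes `const promises = [];` without a replacement in view; if `promises` is not declared elsewhere in the new function, `promises.push` throws on the first iteration. The added line `reject(error)` is missing its semicolon. The exported main begins outside the hunk.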
\n" + + "
" + newerPosts + "
\n" + + "
" + olderPosts + "
\n" + + "

"); + }) - if (isValidPage(nextPage, postsPerPage, totalPosts)) - { - olderPosts = ""; - } - - return "
\n" + - "
" + newerPosts + "
\n" + - "
" + olderPosts + "
\n" + - "

"; } }; \ No newline at end of file diff --git a/sites/blog.js b/sites/blog.js index 89f9ed6..a979091 100644 --- a/sites/blog.js +++ b/sites/blog.js @@ -8,6 +8,9 @@ const contentLoader = require('../includes/staticContentServer.js'); //caching program to make the application run faster const cache = require('memory-cache'); +//file io +const utils = require('../utils/utils.js'); + /** * @author Jeffery Russell 11-3-18 * @@ -59,12 +62,14 @@ module.exports= if (urlSplit.length >= 2 && urlSplit[1] === 'category') //single category page file = "../posts/category.js"; - else + { file = "../posts/posts.js"; + page = 1; // all posts are single page, everyone must be one to ensure + // cache is not tricked into storing same blog post a ton of times + } } - Promise.all([includes.printHeader(), require(file).main(filename, request), includes.printFooter()]).then(function (content) @@ -72,11 +77,14 @@ module.exports= result.write(content.join('')); result.end(); cache.put(filename + "?page=" + page, content.join('')); - }).catch(function (err) { - console.log(err); - throw err; + cache.del(filename + "?page=" + page); + utils.print404().then(function(content) + { + result.write(content); + result.end(); + }) }); } else diff --git a/sites/projects.js b/sites/projects.js index ad8ea55..89a35a3 100644 --- a/sites/projects.js +++ b/sites/projects.js @@ -1,6 +1,3 @@ -//file io -const utils = require('../utils/utils.js'); - //used to parse the request URL const url = require('url');
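Review bot: The new `if(!isValidPage(currentPage, postsPerPage, totalPosts))` guard rejects only 0 and pages past the end: isValidPage still returns true for negative numbers, fractions, and NaN (a non-numeric value makes both comparisons false), so the caller in sites/blog.js, which keys the cache on `filename + "?page=" + page`, can still accumulate one entry per distinct invalid value, which is the unbounded growth this commit sets out to stop. Tightening the predicate to `return Number.isInteger(page) && page >= 1 && page <= Math.ceil(totalPosts / postsPerPage);` admits exactly the real page numbers and, for integer input, matches the existing accept set (apply `Number()` first if the value can still arrive as a string). The `reject("Invalid Page")` is not followed by `return`, so the link markup is still built and `resolve` is called on an already-rejected promise; `return reject(...)` avoids that work.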
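Review bot: The new catch path in sites/blog.js writes the 404 page without setting a status, since no `writeHead` is visible between `cache.del(...)` and `result.write(content)`, so the error body goes out as 200; and the chained `utils.print404().then(...)` has no `.catch`, so a failure there leaves the response open and the rejection unhandled. Adding `if (!result.headersSent) result.writeHead(404);` before the write and `.catch(function () { result.end(); })` after the then closes both gaps. In the first hunk the `else` before the posts.js branch is removed and only `{` is added in its place; if that is what landed, the block runs unconditionally and overwrites the category.js selection and page for category requests, which is worth confirming against the file. The enclosing handler begins outside the hunks.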