Skip to content

Commit

Permalink
tls_wrap: slice buffer properly in ClearOut
Browse files Browse the repository at this point in the history
Fix incorrect slicing of cleartext buffer in `TLSWrap::ClearOut`.

Fix: #4161
PR-URL: #4184
Reviewed-By: Brian White <[email protected]>
  • Loading branch information
indutny authored and Myles Borins committed Dec 30, 2015
1 parent 435271a commit 10a75c3
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 3 deletions.
4 changes: 3 additions & 1 deletion src/tls_wrap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -409,17 +409,19 @@ void TLSWrap::ClearOut() {
if (read <= 0)
break;

char* current = out;
while (read > 0) {
int avail = read;

uv_buf_t buf;
OnAlloc(avail, &buf);
if (static_cast<int>(buf.len) < avail)
avail = buf.len;
memcpy(buf.base, out, avail);
memcpy(buf.base, current, avail);
OnRead(avail, &buf);

read -= avail;
current += avail;
}
}

Expand Down
8 changes: 6 additions & 2 deletions test/parallel/test-tls-inception.js
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ var net = require('net');
var options, a, b, portA, portB;
var gotHello = false;

var body = new Buffer(4000).fill('A');

options = {
key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
Expand All @@ -38,7 +40,7 @@ a = tls.createServer(options, function(socket) {

// the "target" server
b = tls.createServer(options, function(socket) {
socket.end('hello');
socket.end(body);
});

process.on('exit', function() {
Expand All @@ -59,11 +61,13 @@ a.listen(common.PORT, function() {
rejectUnauthorized: false
});
ssl.setEncoding('utf8');
var buf = '';
ssl.once('data', function(data) {
assert.equal('hello', data);
buf += data;
gotHello = true;
});
ssl.on('end', function() {
assert.equal(buf, body);
ssl.end();
a.close();
b.close();
Expand Down

0 comments on commit 10a75c3

Please sign in to comment.