tls_wrap: slice buffer properly in ClearOut

Fix incorrect slicing of cleartext buffer in `TLSWrap::ClearOut`. Fix: nodejs#4161 PR-URL: nodejs#4184 Reviewed-By: Brian White <[email protected]>
scovetta · Apr 2, 2016 · 2116299 · 2116299
1 parent b108e39
commit 2116299
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 3 deletions.
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc
@@ -409,17 +409,19 @@ void TLSWrap::ClearOut() {
     if (read <= 0)
       break;
 
+    char* current = out;
     while (read > 0) {
       int avail = read;
 
       uv_buf_t buf;
       OnAlloc(avail, &buf);
       if (static_cast<int>(buf.len) < avail)
         avail = buf.len;
-      memcpy(buf.base, out, avail);
+      memcpy(buf.base, current, avail);
       OnRead(avail, &buf);
 
       read -= avail;
+      current += avail;
     }
   }
 

diff --git a/test/parallel/test-tls-inception.js b/test/parallel/test-tls-inception.js
@@ -15,6 +15,8 @@ var net = require('net');
 var options, a, b, portA, portB;
 var gotHello = false;
 
+var body = new Buffer(4000).fill('A');
+
 options = {
   key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
   cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
@@ -38,7 +40,7 @@ a = tls.createServer(options, function(socket) {
 
 // the "target" server
 b = tls.createServer(options, function(socket) {
-  socket.end('hello');
+  socket.end(body);
 });
 
 process.on('exit', function() {
@@ -59,11 +61,13 @@ a.listen(common.PORT, function() {
       rejectUnauthorized: false
     });
     ssl.setEncoding('utf8');
+    var buf = '';
     ssl.once('data', function(data) {
-      assert.equal('hello', data);
+      buf += data;
       gotHello = true;
     });
     ssl.on('end', function() {
+      assert.equal(buf, body);
       ssl.end();
       a.close();
       b.close();