tls_wrap: slice buffer properly in `ClearOut`

Fix incorrect slicing of cleartext buffer in `TLSWrap::ClearOut`. Fix: https://github.com/nodejs/node/issues/4161 PR-URL: https://github.com/nodejs/node/pull/4184 Reviewed-By: Brian White <mscdex@mscdex.net>
9 years ago · 0efc35e6d8
2 changed files with 9 additions and 3 deletions
--- a/src/tls_wrap.cc
+++ b/src/tls_wrap.cc
@ -409,6 +409,7 @@ void TLSWrap::ClearOut() {
    if (read <= 0)
      break;

+    char* current = out;
    while (read > 0) {
      int avail = read;

@ -416,10 +417,11 @@ void TLSWrap::ClearOut() {
      OnAlloc(avail, &buf);
      if (static_cast<int>(buf.len) < avail)
        avail = buf.len;
-      memcpy(buf.base, out, avail);
+      memcpy(buf.base, current, avail);
      OnRead(avail, &buf);

      read -= avail;
+      current += avail;
    }
  }

--- a/test/parallel/test-tls-inception.js
+++ b/test/parallel/test-tls-inception.js
@ -15,6 +15,8 @@ var net = require('net');
 var options, a, b, portA, portB;
 var gotHello = false;

+var body = new Buffer(4000).fill('A');
+
 options = {
  key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')),
  cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem'))
@ -38,7 +40,7 @@ a = tls.createServer(options, function(socket) {

 // the "target" server
 b = tls.createServer(options, function(socket) {
-  socket.end('hello');
+  socket.end(body);
 });

 process.on('exit', function() {
@ -59,11 +61,13 @@ a.listen(common.PORT, function() {
      rejectUnauthorized: false
    });
    ssl.setEncoding('utf8');
+    var buf = '';
    ssl.once('data', function(data) {
-      assert.equal('hello', data);
+      buf += data;
      gotHello = true;
    });
    ssl.on('end', function() {
+      assert.equal(buf, body);
      ssl.end();
      a.close();
      b.close();