From 0efc35e6d880d11ae876c73dd3c077e727847353 Mon Sep 17 00:00:00 2001 From: Fedor Indutny Date: Mon, 7 Dec 2015 22:15:43 -0500 Subject: [PATCH] tls_wrap: slice buffer properly in `ClearOut` Fix incorrect slicing of cleartext buffer in `TLSWrap::ClearOut`. Fix: https://github.com/nodejs/node/issues/4161 PR-URL: https://github.com/nodejs/node/pull/4184 Reviewed-By: Brian White --- src/tls_wrap.cc | 4 +++- test/parallel/test-tls-inception.js | 8 ++++++-- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc index fc00893b77..7d83c79894 100644 --- a/src/tls_wrap.cc +++ b/src/tls_wrap.cc @@ -409,6 +409,7 @@ void TLSWrap::ClearOut() { if (read <= 0) break; + char* current = out; while (read > 0) { int avail = read; @@ -416,10 +417,11 @@ void TLSWrap::ClearOut() { OnAlloc(avail, &buf); if (static_cast(buf.len) < avail) avail = buf.len; - memcpy(buf.base, out, avail); + memcpy(buf.base, current, avail); OnRead(avail, &buf); read -= avail; + current += avail; } } diff --git a/test/parallel/test-tls-inception.js b/test/parallel/test-tls-inception.js index df03cf934f..12b9f95fac 100644 --- a/test/parallel/test-tls-inception.js +++ b/test/parallel/test-tls-inception.js @@ -15,6 +15,8 @@ var net = require('net'); var options, a, b, portA, portB; var gotHello = false; +var body = new Buffer(4000).fill('A'); + options = { key: fs.readFileSync(path.join(common.fixturesDir, 'test_key.pem')), cert: fs.readFileSync(path.join(common.fixturesDir, 'test_cert.pem')) @@ -38,7 +40,7 @@ a = tls.createServer(options, function(socket) { // the "target" server b = tls.createServer(options, function(socket) { - socket.end('hello'); + socket.end(body); }); process.on('exit', function() { @@ -59,11 +61,13 @@ a.listen(common.PORT, function() { rejectUnauthorized: false }); ssl.setEncoding('utf8'); + var buf = ''; ssl.once('data', function(data) { - assert.equal('hello', data); + buf += data; gotHello = true; }); ssl.on('end', function() { + assert.equal(buf, body); ssl.end(); a.close(); b.close();