mirror of https://github.com/lukechilds/node.git
Browse Source
The TLSWrap constructor is passed a StreamBase* which it stores as
TLSWrap::stream_, and is used to receive/send data along the pipeline
(e.g. tls -> tcp). Problem is the lifetime of the instance that stream_
points to is independent of the lifetime of the TLSWrap instance. So
it's possible for stream_ to be delete'd while the TLSWrap instance is
still alive, allowing potential access to a then invalid pointer.
Fix by having the StreamBase destructor null out TLSWrap::stream_;
allowing all TLSWrap methods that rely on stream_ to do a check to see
if it's available.
While the test provided is fixed by this commit, it was also previously
fixed by 478fabf
. Regardless, leave the test in for better testing.
PR-URL: https://github.com/nodejs/node/pull/11947
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
v6.x
Trevor Norris
8 years ago
committed by
Myles Borins
4 changed files with 60 additions and 1 deletions
@ -0,0 +1,42 @@ |
|||
'use strict'; |
|||
|
|||
const common = require('../common'); |
|||
const assert = require('assert'); |
|||
|
|||
if (!common.hasCrypto) { |
|||
common.skip('missing crypto'); |
|||
return; |
|||
} |
|||
const tls = require('tls'); |
|||
const fs = require('fs'); |
|||
const util = require('util'); |
|||
|
|||
const sent = 'hello world'; |
|||
const serverOptions = { |
|||
isServer: true, |
|||
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'), |
|||
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem') |
|||
}; |
|||
|
|||
let ssl = null; |
|||
|
|||
process.on('exit', function() { |
|||
assert.ok(ssl !== null); |
|||
// If the internal pointer to stream_ isn't cleared properly then this
|
|||
// will abort.
|
|||
util.inspect(ssl); |
|||
}); |
|||
|
|||
const server = tls.createServer(serverOptions, function(s) { |
|||
s.on('data', function() { }); |
|||
s.on('end', function() { |
|||
server.close(); |
|||
s.destroy(); |
|||
}); |
|||
}).listen(0, function() { |
|||
const c = new tls.TLSSocket(); |
|||
ssl = c.ssl; |
|||
c.connect(this.address().port, function() { |
|||
c.end(sent); |
|||
}); |
|||
}); |
Loading…
Reference in new issue