lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

stream_base,tls_wrap: notify on destruct 

The TLSWrap constructor is passed a StreamBase* which it stores as
TLSWrap::stream_, and is used to receive/send data along the pipeline
(e.g. tls -> tcp). Problem is the lifetime of the instance that stream_
points to is independent of the lifetime of the TLSWrap instance. So
it's possible for stream_ to be delete'd while the TLSWrap instance is
still alive, allowing potential access to a then invalid pointer.

Fix by having the StreamBase destructor null out TLSWrap::stream_;
allowing all TLSWrap methods that rely on stream_ to do a check to see
if it's available.

While the test provided is fixed by this commit, it was also previously
fixed by 478fabf. Regardless, leave the test in for better testing.

PR-URL: https://github.com/nodejs/node/pull/11947
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
v6.x
Trevor Norris 8 years ago
committed by Myles Borins
parent
1baee1829b
commit
457c47d85e
No known key found for this signature in database GPG Key ID: 933B01F40B5CA946
4 changed files with 60 additions and 1 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 9
      src/stream_base.h
  2. 7
      src/tls_wrap.cc
  3. 3
      src/tls_wrap.h
  4. 42
      test/parallel/test-tls-retain-handle-no-abort.js

9
src/stream_base.h
View File

@ -146,10 +146,14 @@ class StreamResource {
const uv_buf_t* buf, const uv_buf_t* buf,
uv_handle_type pending, uv_handle_type pending,
void* ctx); void* ctx);
typedef void (*DestructCb)(void* ctx);
StreamResource() : bytes_read_(0) { StreamResource() : bytes_read_(0) {
} }
virtual ~StreamResource() = default; virtual ~StreamResource() {
if (!destruct_cb_.is_empty())
destruct_cb_.fn(destruct_cb_.ctx);
}
virtual int DoShutdown(ShutdownWrap* req_wrap) = 0; virtual int DoShutdown(ShutdownWrap* req_wrap) = 0;
virtual int DoTryWrite(uv_buf_t** bufs, size_t* count); virtual int DoTryWrite(uv_buf_t** bufs, size_t* count);
@ -186,15 +190,18 @@ class StreamResource {
inline void set_alloc_cb(Callback<AllocCb> c) { alloc_cb_ = c; } inline void set_alloc_cb(Callback<AllocCb> c) { alloc_cb_ = c; }
inline void set_read_cb(Callback<ReadCb> c) { read_cb_ = c; } inline void set_read_cb(Callback<ReadCb> c) { read_cb_ = c; }
inline void set_destruct_cb(Callback<DestructCb> c) { destruct_cb_ = c; }
inline Callback<AfterWriteCb> after_write_cb() { return after_write_cb_; } inline Callback<AfterWriteCb> after_write_cb() { return after_write_cb_; }
inline Callback<AllocCb> alloc_cb() { return alloc_cb_; } inline Callback<AllocCb> alloc_cb() { return alloc_cb_; }
inline Callback<ReadCb> read_cb() { return read_cb_; } inline Callback<ReadCb> read_cb() { return read_cb_; }
inline Callback<DestructCb> destruct_cb() { return destruct_cb_; }
private: private:
Callback<AfterWriteCb> after_write_cb_; Callback<AfterWriteCb> after_write_cb_;
Callback<AllocCb> alloc_cb_; Callback<AllocCb> alloc_cb_;
Callback<ReadCb> read_cb_; Callback<ReadCb> read_cb_;
Callback<DestructCb> destruct_cb_;
uint64_t bytes_read_; uint64_t bytes_read_;
friend class StreamBase; friend class StreamBase;

7
src/tls_wrap.cc
View File

@ -64,6 +64,7 @@ TLSWrap::TLSWrap(Environment* env,
stream_->set_after_write_cb({ OnAfterWriteImpl, this }); stream_->set_after_write_cb({ OnAfterWriteImpl, this });
stream_->set_alloc_cb({ OnAllocImpl, this }); stream_->set_alloc_cb({ OnAllocImpl, this });
stream_->set_read_cb({ OnReadImpl, this }); stream_->set_read_cb({ OnReadImpl, this });
stream_->set_destruct_cb({ OnDestructImpl, this });
set_alloc_cb({ OnAllocSelf, this }); set_alloc_cb({ OnAllocSelf, this });
set_read_cb({ OnReadSelf, this }); set_read_cb({ OnReadSelf, this });
@ -660,6 +661,12 @@ void TLSWrap::OnReadImpl(ssize_t nread,
} }
void TLSWrap::OnDestructImpl(void* ctx) {
TLSWrap* wrap = static_cast<TLSWrap*>(ctx);
wrap->clear_stream();
}
void TLSWrap::OnAllocSelf(size_t suggested_size, uv_buf_t* buf, void* ctx) { void TLSWrap::OnAllocSelf(size_t suggested_size, uv_buf_t* buf, void* ctx) {
buf->base = static_cast<char*>(node::Malloc(suggested_size)); buf->base = static_cast<char*>(node::Malloc(suggested_size));
CHECK_NE(buf->base, nullptr); CHECK_NE(buf->base, nullptr);

3
src/tls_wrap.h
View File

@ -54,6 +54,8 @@ class TLSWrap : public AsyncWrap,
size_t self_size() const override { return sizeof(*this); } size_t self_size() const override { return sizeof(*this); }
void clear_stream() { stream_ = nullptr; }
protected: protected:
static const int kClearOutChunkSize = 16384; static const int kClearOutChunkSize = 16384;
@ -121,6 +123,7 @@ class TLSWrap : public AsyncWrap,
const uv_buf_t* buf, const uv_buf_t* buf,
uv_handle_type pending, uv_handle_type pending,
void* ctx); void* ctx);
static void OnDestructImpl(void* ctx);
void DoRead(ssize_t nread, const uv_buf_t* buf, uv_handle_type pending); void DoRead(ssize_t nread, const uv_buf_t* buf, uv_handle_type pending);

42
test/parallel/test-tls-retain-handle-no-abort.js
View File

@ -0,0 +1,42 @@
'use strict';
const common = require('../common');
const assert = require('assert');
if (!common.hasCrypto) {
common.skip('missing crypto');
return;
}
const tls = require('tls');
const fs = require('fs');
const util = require('util');
const sent = 'hello world';
const serverOptions = {
isServer: true,
key: fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem'),
cert: fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem')
};
let ssl = null;
process.on('exit', function() {
assert.ok(ssl !== null);
// If the internal pointer to stream_ isn't cleared properly then this
// will abort.
util.inspect(ssl);
});
const server = tls.createServer(serverOptions, function(s) {
s.on('data', function() { });
s.on('end', function() {
server.close();
s.destroy();
});
}).listen(0, function() {
const c = new tls.TLSSocket();
ssl = c.ssl;
c.connect(this.address().port, function() {
c.end(sent);
});
});
Write Preview
Loading…
Cancel
Save