lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

tls: stop NodeBIO::Gets from reading off end of buffer 

NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF.  This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.

Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed.  But keep the test introduced
in that commit, which tests properly for this
bug.

This bug was first introduced in a58f93f

Gist containing test code, bisection log, and notes:
   https://gist.github.com/maxtaco/9211605
v0.11.12-release
Maxwell Krohn 11 years ago
committed by Fedor Indutny
parent
b5f9779c2f
commit
a22a2d8656
2 changed files with 5 additions and 18 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 19
      lib/crypto.js
  2. 4
      src/node_crypto_bio.cc

19
lib/crypto.js
View File

@ -80,18 +80,6 @@ function Credentials(secureProtocol, flags, context) {
exports.Credentials = Credentials;
function addNewline(buf) {
var last = buf[buf.length - 1];
var isBuf = Buffer.isBuffer(buf);
if (!isBuf && !util.isString(buf))
throw new Error('Certificate should be of type Buffer or string');
if (isBuf ? last !== 10 : last !== '\n')
return buf.toString().trim() + '\n';
else
return buf;
}
exports.createCredentials = function(options, context) {
if (!options) options = {};
@ -103,15 +91,14 @@ exports.createCredentials = function(options, context) {
if (context) return c;
if (options.key) {
var key = addNewline(options.key);
if (options.passphrase) {
c.context.setKey(key, options.passphrase);
c.context.setKey(options.key, options.passphrase);
} else {
c.context.setKey(key);
c.context.setKey(options.key);
}
}
if (options.cert) c.context.setCert(addNewline(options.cert));
if (options.cert) c.context.setCert(options.cert);
if (options.ciphers) c.context.setCiphers(options.ciphers);

4
src/node_crypto_bio.cc
View File

@ -145,8 +145,8 @@ int NodeBIO::Gets(BIO* bio, char* out, int size) {
int i = nbio->IndexOf('\n', size);
// Include '\n'
if (i < size)
// Include '\n', if it's there. If not, don't read off the end.
if (i < size && i >= 0 && static_cast<size_t>(i) < nbio->Length())
i++;
// Shift `i` a bit to NULL-terminate string later

Write Preview
Loading…
Cancel
Save