Browse Source

tls: stop NodeBIO::Gets from reading off end of buffer

NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF.  This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.

Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed.  But keep the test introduced
in that commit, which tests properly for this
bug.

This bug was first introduced in a58f93f

Gist containing test code, bisection log, and notes:
   https://gist.github.com/maxtaco/9211605
v0.11.12-release
Maxwell Krohn 11 years ago
committed by Fedor Indutny
parent
commit
a22a2d8656
  1. 19
      lib/crypto.js
  2. 4
      src/node_crypto_bio.cc

19
lib/crypto.js

@ -80,18 +80,6 @@ function Credentials(secureProtocol, flags, context) {
exports.Credentials = Credentials; exports.Credentials = Credentials;
function addNewline(buf) {
var last = buf[buf.length - 1];
var isBuf = Buffer.isBuffer(buf);
if (!isBuf && !util.isString(buf))
throw new Error('Certificate should be of type Buffer or string');
if (isBuf ? last !== 10 : last !== '\n')
return buf.toString().trim() + '\n';
else
return buf;
}
exports.createCredentials = function(options, context) { exports.createCredentials = function(options, context) {
if (!options) options = {}; if (!options) options = {};
@ -103,15 +91,14 @@ exports.createCredentials = function(options, context) {
if (context) return c; if (context) return c;
if (options.key) { if (options.key) {
var key = addNewline(options.key);
if (options.passphrase) { if (options.passphrase) {
c.context.setKey(key, options.passphrase); c.context.setKey(options.key, options.passphrase);
} else { } else {
c.context.setKey(key); c.context.setKey(options.key);
} }
} }
if (options.cert) c.context.setCert(addNewline(options.cert)); if (options.cert) c.context.setCert(options.cert);
if (options.ciphers) c.context.setCiphers(options.ciphers); if (options.ciphers) c.context.setCiphers(options.ciphers);

4
src/node_crypto_bio.cc

@ -145,8 +145,8 @@ int NodeBIO::Gets(BIO* bio, char* out, int size) {
int i = nbio->IndexOf('\n', size); int i = nbio->IndexOf('\n', size);
// Include '\n' // Include '\n', if it's there. If not, don't read off the end.
if (i < size) if (i < size && i >= 0 && static_cast<size_t>(i) < nbio->Length())
i++; i++;
// Shift `i` a bit to NULL-terminate string later // Shift `i` a bit to NULL-terminate string later

Loading…
Cancel
Save