tls: copy the Buffer object before using

cherry-pick c26b9af1e2 from v6-staging. `convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: https://github.com/nodejs/node/pull/8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
9 years ago · a67ada7d32
2 changed files with 16 additions and 10 deletions
--- a/lib/tls.js
+++ b/lib/tls.js
@ -51,22 +51,19 @@ function convertProtocols(protocols) {
 exports.convertNPNProtocols  = function(protocols, out) {
  // If protocols is Array - translate it into buffer
  if (Array.isArray(protocols)) {
-    protocols = convertProtocols(protocols);
-  }
-  // If it's already a Buffer - store it
-  if (protocols instanceof Buffer) {
-    out.NPNProtocols = protocols;
+    out.NPNProtocols = convertProtocols(protocols);
+  } else if (protocols instanceof Buffer) {
+    // Copy new buffer not to be modified by user.
+    out.NPNProtocols = Buffer.from(protocols);
  }
 };

 exports.convertALPNProtocols = function(protocols, out) {
  // If protocols is Array - translate it into buffer
  if (Array.isArray(protocols)) {
-    protocols = convertProtocols(protocols);
-  }
-  // If it's already a Buffer - store it
-  if (protocols instanceof Buffer) {
-    // copy new buffer not to be modified by user
+    out.ALPNProtocols = convertProtocols(protocols);
+  } else if (protocols instanceof Buffer) {
+    // Copy new buffer not to be modified by user.
    out.ALPNProtocols = Buffer.from(protocols);
  }
 };
--- a/test/parallel/test-tls-basic-validations.js
+++ b/test/parallel/test-tls-basic-validations.js
@ -17,3 +17,12 @@ const tls = require('tls');
  assert(buffer.equals(Buffer.from('abcd')));
  assert(out.NPNProtocols.equals(Buffer.from('efgh')));
 }
+
+{
+  const buffer = Buffer.from('abcd');
+  const out = {};
+  tls.convertALPNProtocols(buffer, out);
+  out.ALPNProtocols.write('efgh');
+  assert(buffer.equals(Buffer.from('abcd')));
+  assert(out.ALPNProtocols.equals(Buffer.from('efgh')));
+}