diff options
author | Maxwell Krohn <themax@gmail.com> | 2014-02-25 15:48:31 -0500 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2014-02-26 17:33:10 +0400 |
commit | a22a2d8656419586647ca1aa6c5008f3e9045424 (patch) | |
tree | 2695894a4870378008cf3927a275de79944ab1c5 /src/node_crypto_bio.cc | |
parent | b5f9779c2f837eb500cd9ead37d88b2717c5ba91 (diff) | |
download | android-node-v8-a22a2d8656419586647ca1aa6c5008f3e9045424.tar.gz android-node-v8-a22a2d8656419586647ca1aa6c5008f3e9045424.tar.bz2 android-node-v8-a22a2d8656419586647ca1aa6c5008f3e9045424.zip |
tls: stop NodeBIO::Gets from reading off end of buffer
NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF. This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.
Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed. But keep the test introduced
in that commit, which tests properly for this
bug.
This bug was first introduced in a58f93f
Gist containing test code, bisection log, and notes:
https://gist.github.com/maxtaco/9211605
Diffstat (limited to 'src/node_crypto_bio.cc')
-rw-r--r-- | src/node_crypto_bio.cc | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc index eaf8f76a51..22f0f6e8c7 100644 --- a/src/node_crypto_bio.cc +++ b/src/node_crypto_bio.cc @@ -145,8 +145,8 @@ int NodeBIO::Gets(BIO* bio, char* out, int size) { int i = nbio->IndexOf('\n', size); - // Include '\n' - if (i < size) + // Include '\n', if it's there. If not, don't read off the end. + if (i < size && i >= 0 && static_cast<size_t>(i) < nbio->Length()) i++; // Shift `i` a bit to NULL-terminate string later |