author | Ben Noordhuis <info@bnoordhuis.nl> | 2017-03-17 15:31:14 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2017-03-20 16:51:29 +0100 |
commit | 03a6c6ea8c6d74476d0f7f9bea86a2c0ae5cbc70 (patch) | |
tree | 32c087cb728360186048626068ad6d5a99e8b50f /src | |
parent | 7ef2d90e1b61971f3ab4d92bdb0f0a9b25ce6dcf (diff) | |
tls: fix segfault on destroy after partial read
OnRead() calls into JS land which can result in the SSL context object
being destroyed on return. Check that `ssl_ != nullptr` afterwards.
Fixes: https://github.com/nodejs/node/issues/11885
PR-URL: https://github.com/nodejs/node/pull/11898
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/tls_wrap.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/tls_wrap.cc b/src/tls_wrap.cc index ad6daa4301..d21976c7df 100644 --- a/src/tls_wrap.cc +++ b/src/tls_wrap.cc @@ -446,6 +446,12 @@ void TLSWrap::ClearOut() { memcpy(buf.base, current, avail); OnRead(avail, &buf); + // Caveat emptor: OnRead() calls into JS land which can result in + // the SSL context object being destroyed. We have to carefully + // check that ssl_ != nullptr afterwards. + if (ssl_ == nullptr) + return; + read -= avail; current += avail; } |
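
Review bot: the new `if (ssl_ == nullptr) return;` placed right after `OnRead(avail, &buf);` in `TLSWrap::ClearOut()` only works if every teardown path reachable from the JS callback resets `ssl_` to `nullptr`, and the added comment does not say so. Please state that invariant in the comment so that a later change to the destroy path does not silently bring the use-after-destroy back. The early return also skips `read -= avail; current += avail;` and so abandons any bytes of the current read that have not yet been handed to `OnRead()`. That looks right for a destroyed connection, but a short remark that the drop is intentional would help the next reader. The diff shown here is limited to `src` and contains no test, so if the commit does not add one elsewhere, a regression test for the destroy-after-partial-read case from the linked issue should go with it.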