Skip to content

Commit 15462eb

Browse files
thefourtheyeMylesBorins
thefourtheye
authored and
MylesBorins
committed
tls: copy the Buffer object before using
cherry-pick c26b9af from v6-staging. `convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
1 parent 43ee08f commit 15462eb

File tree

2 files changed

+16
-10
lines changed

2 files changed

+16
-10
lines changed

lib/tls.js

Lines changed: 7 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -51,22 +51,19 @@ function convertProtocols(protocols) {
5151
exports.convertNPNProtocols = function(protocols, out) {
5252
// If protocols is Array - translate it into buffer
5353
if (Array.isArray(protocols)) {
54-
protocols = convertProtocols(protocols);
55-
}
56-
// If it's already a Buffer - store it
57-
if (protocols instanceof Buffer) {
58-
out.NPNProtocols = protocols;
54+
out.NPNProtocols = convertProtocols(protocols);
55+
} else if (protocols instanceof Buffer) {
56+
// Copy new buffer not to be modified by user.
57+
out.NPNProtocols = Buffer.from(protocols);
5958
}
6059
};
6160

6261
exports.convertALPNProtocols = function(protocols, out) {
6362
// If protocols is Array - translate it into buffer
6463
if (Array.isArray(protocols)) {
65-
protocols = convertProtocols(protocols);
66-
}
67-
// If it's already a Buffer - store it
68-
if (protocols instanceof Buffer) {
69-
// copy new buffer not to be modified by user
64+
out.ALPNProtocols = convertProtocols(protocols);
65+
} else if (protocols instanceof Buffer) {
66+
// Copy new buffer not to be modified by user.
7067
out.ALPNProtocols = Buffer.from(protocols);
7168
}
7269
};

test/parallel/test-tls-basic-validations.js

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,3 +17,12 @@ const tls = require('tls');
1717
assert(buffer.equals(Buffer.from('abcd')));
1818
assert(out.NPNProtocols.equals(Buffer.from('efgh')));
1919
}
20+
21+
{
22+
const buffer = Buffer.from('abcd');
23+
const out = {};
24+
tls.convertALPNProtocols(buffer, out);
25+
out.ALPNProtocols.write('efgh');
26+
assert(buffer.equals(Buffer.from('abcd')));
27+
assert(out.ALPNProtocols.equals(Buffer.from('efgh')));
28+
}

0 commit comments

Comments
 (0)