mirror of https://github.com/nodejs/node.git
tls: remove harmful unnecessary bounds checking
The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:
`if (off >= buffer_length) { ...`
448e0f43
corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:
`if (off + len > buffer_length) { ...`
So the check is actually obviated by the next line, and should be
removed.
This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
pull/24507/merge
parent
14417fdb3f
commit
1526909083
|
@ -1307,11 +1307,6 @@ Handle<Value> Connection::EncIn(const Arguments& args) {
|
|||
size_t buffer_length = Buffer::Length(args[0]);
|
||||
|
||||
size_t off = args[1]->Int32Value();
|
||||
if (off >= buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
String::New("Offset is out of bounds")));
|
||||
}
|
||||
|
||||
size_t len = args[2]->Int32Value();
|
||||
if (off + len > buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
|
@ -1353,11 +1348,6 @@ Handle<Value> Connection::ClearOut(const Arguments& args) {
|
|||
size_t buffer_length = Buffer::Length(args[0]);
|
||||
|
||||
size_t off = args[1]->Int32Value();
|
||||
if (off >= buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
String::New("Offset is out of bounds")));
|
||||
}
|
||||
|
||||
size_t len = args[2]->Int32Value();
|
||||
if (off + len > buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
|
@ -1425,11 +1415,6 @@ Handle<Value> Connection::EncOut(const Arguments& args) {
|
|||
size_t buffer_length = Buffer::Length(args[0]);
|
||||
|
||||
size_t off = args[1]->Int32Value();
|
||||
if (off >= buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
String::New("Offset is out of bounds")));
|
||||
}
|
||||
|
||||
size_t len = args[2]->Int32Value();
|
||||
if (off + len > buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
|
@ -1464,11 +1449,6 @@ Handle<Value> Connection::ClearIn(const Arguments& args) {
|
|||
size_t buffer_length = Buffer::Length(args[0]);
|
||||
|
||||
size_t off = args[1]->Int32Value();
|
||||
if (off > buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
String::New("Offset is out of bounds")));
|
||||
}
|
||||
|
||||
size_t len = args[2]->Int32Value();
|
||||
if (off + len > buffer_length) {
|
||||
return ThrowException(Exception::Error(
|
||||
|
|
Loading…
Reference in New Issue