From 1526909083537e1092316ccf306f3b32a4b0bf4a Mon Sep 17 00:00:00 2001
From: Marcel Laverdet <marcel@laverdet.com>
Date: Thu, 21 Mar 2013 16:56:02 -0500
Subject: [PATCH] tls: remove harmful unnecessary bounds checking

The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:

`if (off >= buffer_length) { ...`

448e0f43 corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:

`if (off + len > buffer_length) { ...`

So the check is actually obviated by the next line, and should be
removed.

This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
---
 src/node_crypto.cc | 20 --------------------
 1 file changed, 20 deletions(-)

diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index dd10507cee4..2df45737a5c 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1307,11 +1307,6 @@ Handle<Value> Connection::EncIn(const Arguments& args) {
   size_t buffer_length = Buffer::Length(args[0]);
 
   size_t off = args[1]->Int32Value();
-  if (off >= buffer_length) {
-    return ThrowException(Exception::Error(
-          String::New("Offset is out of bounds")));
-  }
-
   size_t len = args[2]->Int32Value();
   if (off + len > buffer_length) {
     return ThrowException(Exception::Error(
@@ -1353,11 +1348,6 @@ Handle<Value> Connection::ClearOut(const Arguments& args) {
   size_t buffer_length = Buffer::Length(args[0]);
 
   size_t off = args[1]->Int32Value();
-  if (off >= buffer_length) {
-    return ThrowException(Exception::Error(
-          String::New("Offset is out of bounds")));
-  }
-
   size_t len = args[2]->Int32Value();
   if (off + len > buffer_length) {
     return ThrowException(Exception::Error(
@@ -1425,11 +1415,6 @@ Handle<Value> Connection::EncOut(const Arguments& args) {
   size_t buffer_length = Buffer::Length(args[0]);
 
   size_t off = args[1]->Int32Value();
-  if (off >= buffer_length) {
-    return ThrowException(Exception::Error(
-          String::New("Offset is out of bounds")));
-  }
-
   size_t len = args[2]->Int32Value();
   if (off + len > buffer_length) {
     return ThrowException(Exception::Error(
@@ -1464,11 +1449,6 @@ Handle<Value> Connection::ClearIn(const Arguments& args) {
   size_t buffer_length = Buffer::Length(args[0]);
 
   size_t off = args[1]->Int32Value();
-  if (off > buffer_length) {
-    return ThrowException(Exception::Error(
-          String::New("Offset is out of bounds")));
-  }
-
   size_t len = args[2]->Int32Value();
   if (off + len > buffer_length) {
     return ThrowException(Exception::Error(