Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit d0868ff

Browse filesBrowse files
bnoordhuisMylesBorins
bnoordhuis
authored and
MylesBorins
committed
tls: fix segfault on destroy after partial read
OnRead() calls into JS land which can result in the SSL context object being destroyed on return. Check that `ssl_ != nullptr` afterwards. Fixes: #11885 PR-URL: #11898 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent f53c48e commit d0868ff
Copy full SHA for d0868ff

File tree

Expand file treeCollapse file tree

2 files changed

+42
-0
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+42
-0
lines changed
Open diff view settings
Collapse file

‎src/tls_wrap.cc‎

Copy file name to clipboardExpand all lines: src/tls_wrap.cc
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -426,6 +426,12 @@ void TLSWrap::ClearOut() {
426426
memcpy(buf.base, current, avail);
427427
OnRead(avail, &buf);
428428

429+
// Caveat emptor: OnRead() calls into JS land which can result in
430+
// the SSL context object being destroyed. We have to carefully
431+
// check that ssl_ != nullptr afterwards.
432+
if (ssl_ == nullptr)
433+
return;
434+
429435
read -= avail;
430436
current += avail;
431437
}
Collapse file

‎test/parallel/test-tls-socket-destroy.js‎

Copy file name to clipboard
+36Lines changed: 36 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,36 @@
1+
'use strict';
2+
3+
const common = require('../common');
4+
5+
if (!common.hasCrypto) {
6+
common.skip('missing crypto');
7+
return;
8+
}
9+
10+
const fs = require('fs');
11+
const net = require('net');
12+
const tls = require('tls');
13+
14+
const key = fs.readFileSync(common.fixturesDir + '/keys/agent1-key.pem');
15+
const cert = fs.readFileSync(common.fixturesDir + '/keys/agent1-cert.pem');
16+
const secureContext = tls.createSecureContext({ key, cert });
17+
18+
const server = net.createServer(common.mustCall((conn) => {
19+
const options = { isServer: true, secureContext, server };
20+
const socket = new tls.TLSSocket(conn, options);
21+
socket.once('data', common.mustCall(() => {
22+
socket._destroySSL(); // Should not crash.
23+
server.close();
24+
}));
25+
}));
26+
27+
server.listen(0, function() {
28+
const options = {
29+
port: this.address().port,
30+
rejectUnauthorized: false,
31+
};
32+
tls.connect(options, function() {
33+
this.write('*'.repeat(1 << 20)); // Write more data than fits in a frame.
34+
this.on('error', this.destroy); // Server closes connection on us.
35+
});
36+
});

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.