This repository has been archived by the owner. It is now read-only.
Permalink
Browse files

tls: stop NodeBIO::Gets from reading off end of buffer

NodeBIO::Gets was reading off the end of a buffer if it
didn't find a "\n" before the EOF.  This behavior
was causing X509 certificates passed to `https.Agent`
via the "ca" option to be silently discarded. It also
was causing improper parsing of certs and keys
passed to https.Agent, but those problems were worked
around in cdde9a3.

Backed out workaround in `lib/crypto.js` from ccde9a3,
which now isn't needed.  But keep the test introduced
in that commit, which tests properly for this
bug.

This bug was first introduced in a58f93f

Gist containing test code, bisection log, and notes:
   https://gist.github.com/maxtaco/9211605
  • Loading branch information...
1 parent b5f9779 commit a22a2d8656419586647ca1aa6c5008f3e9045424 @maxtaco maxtaco committed with indutny Feb 25, 2014
Showing with 5 additions and 18 deletions.
  1. +3 −16 lib/crypto.js
  2. +2 −2 src/node_crypto_bio.cc
View
@@ -80,18 +80,6 @@ function Credentials(secureProtocol, flags, context) {
exports.Credentials = Credentials;
-function addNewline(buf) {
- var last = buf[buf.length - 1];
- var isBuf = Buffer.isBuffer(buf);
-
- if (!isBuf && !util.isString(buf))
- throw new Error('Certificate should be of type Buffer or string');
-
- if (isBuf ? last !== 10 : last !== '\n')
- return buf.toString().trim() + '\n';
- else
- return buf;
-}
exports.createCredentials = function(options, context) {
if (!options) options = {};
@@ -103,15 +91,14 @@ exports.createCredentials = function(options, context) {
if (context) return c;
if (options.key) {
- var key = addNewline(options.key);
if (options.passphrase) {
- c.context.setKey(key, options.passphrase);
+ c.context.setKey(options.key, options.passphrase);
} else {
- c.context.setKey(key);
+ c.context.setKey(options.key);
}
}
- if (options.cert) c.context.setCert(addNewline(options.cert));
+ if (options.cert) c.context.setCert(options.cert);
if (options.ciphers) c.context.setCiphers(options.ciphers);
View
@@ -145,8 +145,8 @@ int NodeBIO::Gets(BIO* bio, char* out, int size) {
int i = nbio->IndexOf('\n', size);
- // Include '\n'
- if (i < size)
+ // Include '\n', if it's there. If not, don't read off the end.
+ if (i < size && i >= 0 && static_cast<size_t>(i) < nbio->Length())
i++;
// Shift `i` a bit to NULL-terminate string later

0 comments on commit a22a2d8

Please sign in to comment.