diff options
author | Marcel Laverdet <marcel@laverdet.com> | 2013-03-22 01:56:02 +0400 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2013-03-23 21:04:34 +0400 |
commit | 1526909083537e1092316ccf306f3b32a4b0bf4a (patch) | |
tree | 76acbc8f239861cbe1f21e2370858ce5d9c0e26f | |
parent | 14417fdb3fe68d0c0142e16359b75e9be44b1780 (diff) |
tls: remove harmful unnecessary bounds checking
The EncIn, EncOut, ClearIn & ClearOut functions are victims of some code
copy + pasting. A common line copied to all of them is:
`if (off >= buffer_length) { ...`
448e0f43 corrected ClearIn's check from `>=` to `>`, but left the others
unchanged (with an incorrect bounds check). However, if you look down at
the next very next bounds check you'll see:
`if (off + len > buffer_length) { ...`
So the check is actually obviated by the next line, and should be
removed.
This fixes an issue where writing a zero-length buffer to an encrypted
pair's *encrypted* stream you would get a crash.
-rw-r--r-- | src/node_crypto.cc | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index dd10507cee4..2df45737a5c 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -1307,11 +1307,6 @@ Handle<Value> Connection::EncIn(const Arguments& args) { size_t buffer_length = Buffer::Length(args[0]); size_t off = args[1]->Int32Value(); - if (off >= buffer_length) { - return ThrowException(Exception::Error( - String::New("Offset is out of bounds"))); - } - size_t len = args[2]->Int32Value(); if (off + len > buffer_length) { return ThrowException(Exception::Error( @@ -1353,11 +1348,6 @@ Handle<Value> Connection::ClearOut(const Arguments& args) { size_t buffer_length = Buffer::Length(args[0]); size_t off = args[1]->Int32Value(); - if (off >= buffer_length) { - return ThrowException(Exception::Error( - String::New("Offset is out of bounds"))); - } - size_t len = args[2]->Int32Value(); if (off + len > buffer_length) { return ThrowException(Exception::Error( @@ -1425,11 +1415,6 @@ Handle<Value> Connection::EncOut(const Arguments& args) { size_t buffer_length = Buffer::Length(args[0]); size_t off = args[1]->Int32Value(); - if (off >= buffer_length) { - return ThrowException(Exception::Error( - String::New("Offset is out of bounds"))); - } - size_t len = args[2]->Int32Value(); if (off + len > buffer_length) { return ThrowException(Exception::Error( @@ -1464,11 +1449,6 @@ Handle<Value> Connection::ClearIn(const Arguments& args) { size_t buffer_length = Buffer::Length(args[0]); size_t off = args[1]->Int32Value(); - if (off > buffer_length) { - return ThrowException(Exception::Error( - String::New("Offset is out of bounds"))); - } - size_t len = args[2]->Int32Value(); if (off + len > buffer_length) { return ThrowException(Exception::Error( |