diff --git a/src/node_crypto_clienthello.cc b/src/node_crypto_clienthello.cc index d4d222f838c5ac..4df0d934829a07 100644 --- a/src/node_crypto_clienthello.cc +++ b/src/node_crypto_clienthello.cc @@ -74,6 +74,12 @@ bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) { void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) { ClientHello hello; + bool failed = true; + + OnScopeLeave cleanup([&]() { + if (failed) + End(); + }); // >= 5 + frame size bytes for frame parsing if (body_offset_ + frame_len_ > avail) @@ -88,23 +94,23 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) { if (data[body_offset_ + 4] != 0x03 || data[body_offset_ + 5] < 0x01 || data[body_offset_ + 5] > 0x03) { - goto fail; + return; } if (data[body_offset_] == kClientHello) { if (state_ == kTLSHeader) { if (!ParseTLSClientHello(data, avail)) - goto fail; + return; } else { // We couldn't get here, but whatever - goto fail; + return; } // Check if we overflowed (do not reply with any private data) if (session_id_ == nullptr || session_size_ > 32 || session_id_ + session_size_ > data + avail) { - goto fail; + return; } } @@ -116,10 +122,8 @@ void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) { hello.servername_ = servername_; hello.servername_size_ = static_cast(servername_size_); onhello_cb_(cb_arg_, hello); + failed = false; return; - - fail: - End(); }