From c26b9af1e277ef94b9bb33d93e1779b0a35f41e2 Mon Sep 17 00:00:00 2001
From: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Date: Thu, 11 Aug 2016 00:46:06 +0530
Subject: [PATCH] tls: copy the Buffer object before using

`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols`
buffer object as it is, and if it is modified outside of core, it
might have an impact. This patch makes a copy of the buffer object,
before using it.

PR-URL: https://github.com/nodejs/node/pull/8055
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
---
 lib/tls.js                                  | 17 +++++++----------
 test/parallel/test-tls-basic-validations.js | 18 ++++++++++++++++++
 2 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/lib/tls.js b/lib/tls.js
index 849daeb07f3456..765e1658ea9127 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -49,22 +49,19 @@ function convertProtocols(protocols) {
 exports.convertNPNProtocols = function(protocols, out) {
   // If protocols is Array - translate it into buffer
   if (Array.isArray(protocols)) {
-    protocols = convertProtocols(protocols);
-  }
-  // If it's already a Buffer - store it
-  if (protocols instanceof Buffer) {
-    out.NPNProtocols = protocols;
+    out.NPNProtocols = convertProtocols(protocols);
+  } else if (protocols instanceof Buffer) {
+    // Copy new buffer not to be modified by user.
+    out.NPNProtocols = Buffer.from(protocols);
   }
 };
 
 exports.convertALPNProtocols = function(protocols, out) {
   // If protocols is Array - translate it into buffer
   if (Array.isArray(protocols)) {
-    protocols = convertProtocols(protocols);
-  }
-  // If it's already a Buffer - store it
-  if (protocols instanceof Buffer) {
-    // copy new buffer not to be modified by user
+    out.ALPNProtocols = convertProtocols(protocols);
+  } else if (protocols instanceof Buffer) {
+    // Copy new buffer not to be modified by user.
     out.ALPNProtocols = Buffer.from(protocols);
   }
 };
diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
index a741f3b49c47ac..edf47f7059b406 100644
--- a/test/parallel/test-tls-basic-validations.js
+++ b/test/parallel/test-tls-basic-validations.js
@@ -33,3 +33,21 @@ assert.throws(() => tls.createServer({ticketKeys: new Buffer(0)}),
 
 assert.throws(() => tls.createSecurePair({}),
               /Error: First argument must be a tls module SecureContext/);
+
+{
+  const buffer = Buffer.from('abcd');
+  const out = {};
+  tls.convertALPNProtocols(buffer, out);
+  out.ALPNProtocols.write('efgh');
+  assert(buffer.equals(Buffer.from('abcd')));
+  assert(out.ALPNProtocols.equals(Buffer.from('efgh')));
+}
+
+{
+  const buffer = Buffer.from('abcd');
+  const out = {};
+  tls.convertNPNProtocols(buffer, out);
+  out.NPNProtocols.write('efgh');
+  assert(buffer.equals(Buffer.from('abcd')));
+  assert(out.NPNProtocols.equals(Buffer.from('efgh')));
+}