-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
tls: copy the Buffer object before using #8055
Conversation
`convertNPNProtocols` uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it.
LGTM. Good catch. |
@@ -53,7 +53,8 @@ exports.convertNPNProtocols = function(protocols, out) { | |||
} | |||
// If it's already a Buffer - store it | |||
if (protocols instanceof Buffer) { | |||
out.NPNProtocols = protocols; | |||
// copy new buffer not to be modified by user | |||
out.NPNProtocols = Buffer.from(protocols); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is inefficient (in a minor way) if protocols
was originally an array. In that case two buffers are created, here and in convertProtocols()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done!
Take-it-or-leave-it performance comment. LGTM with style nit if you want to land it as-is. |
LGTM |
Oh, you might want to update the commit log to also mention convertALPNProtocols(). |
LGTM |
CI is green. Landing |
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Landed in 60dcd73 |
Thanks @jasnell :-) |
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
this is not backporting cleanly. Is it relevant to v4.x? I know there has been a bunch of churn on buffer |
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: nodejs#8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
cherry-pick c26b9af from v6-staging. `convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
cherry-pick c26b9af from v6-staging. `convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
cherry-pick c26b9af from v6-staging. `convertNPNProtocols` and `convertALPNProtocols' uses the `protocols` buffer object as it is, and if it is modified outside of core, it might have an impact. This patch makes a copy of the buffer object, before using it. PR-URL: #8055 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Checklist
make -j4 test
(UNIX), orvcbuild test nosign
(Windows) passesAffected core subsystem(s)
tls
Description of change
convertNPNProtocols
uses theprotocols
buffer object as it is, andif it is modified outside of core, it might have an impact. This patch
makes a copy of the buffer object, before using it.
cc @nodejs/crypto