diff options
author | Fedor Indutny <fedor.indutny@gmail.com> | 2013-08-21 15:58:33 +0400 |
---|---|---|
committer | Fedor Indutny <fedor.indutny@gmail.com> | 2013-08-21 16:15:08 +0400 |
commit | af6a2339c56e89d7cf999cd64a69842a531c05dc (patch) | |
tree | f5138a30117e729648b146206c036d0b6d86feb2 | |
parent | e04c8a8ee400b6453cdb1133e7dd6791b69c0834 (diff) | |
download | node-af6a2339c56e89d7cf999cd64a69842a531c05dc.tar.gz |
tls: fix assertion when ssl is destroyed at read
`maybeInitFinished()` can emit the 'secure' event which
in turn destroys the connection in case of authentication
failure and sets `this.pair.ssl` to `null`.
If such condition appeared after non-empty read - loop will continue
and `clearOut` will be called on `null` object instead of
`crypto::Connection` instance. Resulting in the following assertion:
ERROR: Error: Hostname/IP doesn't match certificate's altnames
Assertion failed: handle->InternalFieldCount() > 0
fix #5756
-rw-r--r-- | lib/tls.js | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/lib/tls.js b/lib/tls.js index 0907b290f..ea3d2e431 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -461,7 +461,14 @@ CryptoStream.prototype._read = function read(size) { // Get NPN and Server name when ready this.pair.maybeInitFinished(); - } while (read > 0 && !this._buffer.isFull && bytesRead < size); + + // `maybeInitFinished()` can emit the 'secure' event which + // in turn destroys the connection in case of authentication + // failure and sets `this.pair.ssl` to `null`. + } while (read > 0 && + !this._buffer.isFull && + bytesRead < size && + this.pair.ssl !== null); // Create new buffer if previous was filled up var pool = this._buffer.pool; |