tls: fix pool usage race

When calling `encOut` in loop, `maybeInitFinished()` may invoke
`clearOut`'s loop, leading to the writing of interleaved data
(encrypted and cleartext) into the one shared pool.

Move `maybeInitFinished()` out of the loop and add assertion for
future.

1 files changed, 7 insertions, 8 deletions

diff --git a/lib/tls.js b/lib/tls.js
index 2077b8f5c..ab2704445 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -445,30 +445,29 @@ CryptoStream.prototype._read = function read(size) {
   }
 
   var bytesRead = 0,
-      start = this._buffer.offset;
+      start = this._buffer.offset,
+      last = start;
   do {
+    assert(last === this._buffer.offset);
     var read = this._buffer.use(this.pair.ssl, out, size - bytesRead);
     if (read > 0) {
       bytesRead += read;
     }
+    last = this._buffer.offset;
 
     // Handle and report errors
     if (this.pair.ssl && this.pair.ssl.error) {
       this.pair.error();
       break;
     }
-
-    // Get NPN and Server name when ready
-    this.pair.maybeInitFinished();
-
-    // `maybeInitFinished()` can emit the 'secure' event which
-    // in turn destroys the connection in case of authentication
-    // failure and sets `this.pair.ssl` to `null`.
   } while (read > 0 &&
            !this._buffer.isFull &&
            bytesRead < size &&
            this.pair.ssl !== null);
 
+  // Get NPN and Server name when ready
+  this.pair.maybeInitFinished();
+
   // Create new buffer if previous was filled up
   var pool = this._buffer.pool;
   if (this._buffer.isFull) this._buffer.create();