[Pkg-javascript-commits] [node-static] 01/02: Adding bounds checking to buffer copy in Server.stream
Tonnerre Lombard
tonnerre-guest at moszumanska.debian.org
Tue Jan 7 23:18:09 UTC 2014
This is an automated email from the git hooks/post-receive script.
tonnerre-guest pushed a commit to branch upstream
in repository node-static.
commit 4962c77d87b592266f6a206bf3a06ecbeade48c8
Author: timthornton <tim.thornton at bedarra.com>
Date: Wed Nov 6 15:16:08 2013 -0500
Adding bounds checking to buffer copy in Server.stream
---
lib/node-static.js | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/node-static.js b/lib/node-static.js
index 9030c68..5c7cf91 100644
--- a/lib/node-static.js
+++ b/lib/node-static.js
@@ -299,8 +299,12 @@ Server.prototype.stream = function (pathname, files, buffer, res, callback) {
flags: 'r',
mode: 0666
}).on('data', function (chunk) {
- chunk.copy(buffer, offset);
- offset += chunk.length;
+ // Bounds check the incoming chunk and offset, as copying
+ // a buffer from an invalid offset will throw an error and crash
+ if (chunk.length && offset < buffer.length && offset >= 0) {
+ chunk.copy(buffer, offset);
+ offset += chunk.length;
+ }
}).on('close', function () {
streamFile(files, offset);
}).on('error', function (err) {
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-static.git
More information about the Pkg-javascript-commits
mailing list