[Pkg-javascript-commits] [node-static] 01/02: Adding bounds checking to buffer copy in Server.stream

Tonnerre Lombard tonnerre-guest at moszumanska.debian.org
Tue Jan 7 23:18:09 UTC 2014


This is an automated email from the git hooks/post-receive script.

tonnerre-guest pushed a commit to branch upstream
in repository node-static.

commit 4962c77d87b592266f6a206bf3a06ecbeade48c8
Author: timthornton <tim.thornton at bedarra.com>
Date:   Wed Nov 6 15:16:08 2013 -0500

    Adding bounds checking to buffer copy in Server.stream
---
 lib/node-static.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/node-static.js b/lib/node-static.js
index 9030c68..5c7cf91 100644
--- a/lib/node-static.js
+++ b/lib/node-static.js
@@ -299,8 +299,12 @@ Server.prototype.stream = function (pathname, files, buffer, res, callback) {
                 flags: 'r',
                 mode: 0666
             }).on('data', function (chunk) {
-                chunk.copy(buffer, offset);
-                offset += chunk.length;
+                // Bounds check the incoming chunk and offset, as copying
+                // a buffer from an invalid offset will throw an error and crash
+                if (chunk.length && offset < buffer.length && offset >= 0) {
+                    chunk.copy(buffer, offset);
+                    offset += chunk.length;
+                }
             }).on('close', function () {
                 streamFile(files, offset);
             }).on('error', function (err) {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-static.git



More information about the Pkg-javascript-commits mailing list