Skip to content

Commit

Permalink
zlib: pause stream if outgoing buffer is full
Browse files Browse the repository at this point in the history
Signed-off-by: Matteo Collina <[email protected]>
PR-URL: nodejs-private/node-private#540
Reviewed-By: Robert Nagy <[email protected]>
Ref: https://hackerone.com/reports/2284065
CVE-ID: CVE-2024-22025
  • Loading branch information
mcollina authored and marco-ippolito committed Feb 13, 2024
1 parent 9d2ac2b commit 8547196
Show file tree
Hide file tree
Showing 3 changed files with 62 additions and 17 deletions.
33 changes: 25 additions & 8 deletions lib/zlib.js
Original file line number Diff line number Diff line change
Expand Up @@ -560,10 +560,11 @@ function processCallback() {
self.bytesWritten += inDelta;

const have = handle.availOutBefore - availOutAfter;
let streamBufferIsFull = false;
if (have > 0) {
const out = self._outBuffer.slice(self._outOffset, self._outOffset + have);
self._outOffset += have;
self.push(out);
streamBufferIsFull = !self.push(out);
} else {
assert(have === 0, 'have should not go down');
}
Expand All @@ -588,13 +589,29 @@ function processCallback() {
handle.inOff += inDelta;
handle.availInBefore = availInAfter;

this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len

if (!streamBufferIsFull) {
this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len
} else {
const oldRead = self._read;
self._read = (n) => {
self._read = oldRead;
this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len
self._read(n);
};
}
return;
}

Expand Down
Loading

0 comments on commit 8547196

Please sign in to comment.