Skip to content

Commit

Permalink
zlib: pause stream if outgoing buffer is full
Browse files Browse the repository at this point in the history 
Signed-off-by: Matteo Collina <hello@matteocollina.com>
PR-URL: nodejs-private/node-private#541
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Ref: https://hackerone.com/reports/2284065
CVE-ID: CVE-2024-22025
  • Loading branch information
@mcollina @RafaelGSS
mcollina authored and RafaelGSS committed Feb 13, 2024
1 parent 77ac7c3 commit c213910
Show file tree
Hide file tree
Showing 3 changed files with 62 additions and 17 deletions.
33 changes: 25 additions & 8 deletions lib/zlib.js
View file
Expand Up @@ -560,10 +560,11 @@ function processCallback() {
self.bytesWritten += inDelta;

const have = handle.availOutBefore - availOutAfter;
let streamBufferIsFull = false;
if (have > 0) {
const out = self._outBuffer.slice(self._outOffset, self._outOffset + have);
self._outOffset += have;
self.push(out);
streamBufferIsFull = !self.push(out);
} else {
assert(have === 0, 'have should not go down');
}
Expand All @@ -588,13 +589,29 @@ function processCallback() {
handle.inOff += inDelta;
handle.availInBefore = availInAfter;

this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len

if (!streamBufferIsFull) {
this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len
} else {
const oldRead = self._read;
self._read = (n) => {
self._read = oldRead;
this.write(handle.flushFlag,
this.buffer, // in
handle.inOff, // in_off
handle.availInBefore, // in_len
self._outBuffer, // out
self._outOffset, // out_off
self._chunkSize); // out_len
self._read(n);
};
}
return;
}

Expand Down

0 comments on commit c213910

Please sign in to comment.