diff options
| author |  Ciro Spaciari <ciro.spaciari@gmail.com>
| 2023-03-19 23:42:45 -0300 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-03-19 19:42:45 -0700 |
| commit | 7aa297012b7986ac877107fc7170f74b688f1757 (patch) | |
| tree | 683171ea96c3e2213c4e0ed63356a658c1f68e88 | |
| parent | 9443cca1bb46bcb130fd4273f755b84b9411d382 (diff) | |
| download | bun-7aa297012b7986ac877107fc7170f74b688f1757.tar.gz bun-7aa297012b7986ac877107fc7170f74b688f1757.tar.zst bun-7aa297012b7986ac877107fc7170f74b688f1757.zip | |
add some extra abort checks into streams (#2430)
* add some checks to avoid UAF
* avoid multiple calls to finalize if endFromJS is called more than once
* fix no-op comment
* mark as requested_end on abort
* remove requested_end from abort
| -rw-r--r-- | src/bun.js/webcore/streams.zig | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/bun.js/webcore/streams.zig b/src/bun.js/webcore/streams.zig index b5f690a1d..6aead6952 100644 --- a/src/bun.js/webcore/streams.zig +++ b/src/bun.js/webcore/streams.zig @@ -2356,6 +2356,9 @@ pub fn HTTPServerWritable(comptime ssl: bool) type { } fn send(this: *@This(), buf: []const u8) bool { + // send is a no-op when already aborted + if (this.aborted) return false; + std.debug.assert(!this.done); defer log("send: {d} bytes (backpressure: {any})", .{ buf.len, this.has_backpressure }); @@ -2391,7 +2394,9 @@ pub fn HTTPServerWritable(comptime ssl: bool) type { log("onWritable ({d})", .{write_offset}); if (this.done) { - this.res.endStream(false); + if (this.aborted == false) { + this.res.endStream(false); + } this.finalize(); return false; } @@ -2435,7 +2440,7 @@ pub fn HTTPServerWritable(comptime ssl: bool) type { } pub fn start(this: *@This(), stream_start: StreamStart) JSC.Node.Maybe(void) { - if (this.res.hasResponded()) { + if (this.aborted or this.res.hasResponded()) { this.done = true; this.signal.close(null); return .{ .result = {} }; @@ -2729,6 +2734,7 @@ pub fn HTTPServerWritable(comptime ssl: bool) type { } if (this.done or this.res.hasResponded()) { + this.requested_end = true; this.signal.close(null); this.done = true; this.finalize(); @@ -2766,9 +2772,9 @@ pub fn HTTPServerWritable(comptime ssl: bool) type { pub fn abort(this: *@This()) void { log("onAborted()", .{}); - this.signal.close(null); this.done = true; this.aborted = true; + this.signal.close(null); this.flushPromise(); this.finalize(); } |