From e53d208ea4ca7c6496c976be6db3383d99f993c3 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko
Date: Thu, 2 Oct 2014 10:06:29 -0700
Subject: Improve security posture by eliminating non-const data() accessor from Buffer.

---
 node/Buffer.hpp | 36 ++++++++++++++++++++++++++++++------
 1 file changed, 30 insertions(+), 6 deletions(-)

(limited to 'node/Buffer.hpp')

diff --git a/node/Buffer.hpp b/node/Buffer.hpp
index bc74f048..64176e58 100644
--- a/node/Buffer.hpp
+++ b/node/Buffer.hpp
@@ -163,11 +163,13 @@ public:
 return ((unsigned char *)_b)[i];
 }
 
- unsigned char *data() throw() { return (unsigned char *)_b; }
- const unsigned char *data() const throw() { return (const unsigned char *)_b; }
-
 /**
- * Safe way to get a pointer to a field from data() with bounds checking
+ * Get a raw pointer to a field with bounds checking
+ *
+ * This isn't perfectly safe in that the caller could still overflow
+ * the pointer, but its use provides both a sanity check and
+ * documentation / reminder to the calling code to treat the returned
+ * pointer as being of size [l].
 *
 * @param i Index of field in buffer
 * @param l Length of field in bytes
@@ -304,8 +306,9 @@ public:
 /**
 * Increment size and return pointer to field of specified size
 *
- * The memory isn't actually written, so this is a shortcut for a multi-step
- * process involving getting the current pointer and adding size.
+ * Nothing is actually written to the memory. This is a shortcut
+ * for addSize() followed by field() to reference the previous
+ * position and the new size.
 *
 * @param l Length of field to append
 * @return Pointer to beginning of appended field of length 'l'
@@ -352,6 +355,22 @@ public:
 _l = i;
 }
 
+ /**
+ * Move everything after 'at' to the buffer's front and truncate
+ *
+ * @param at Truncate before this position
+ * @throw std::out_of_range Position is beyond size of buffer
+ */
+ inline void behead(const unsigned int at)
+ throw(std::out_of_range)
+ {
+ if (!at)
+ return;
+ if (at > _l)
+ throw std::out_of_range("Buffer: behead() beyond capacity");
+ ::memmove(_b,_b + at,_l -= at);
+ }
+
 /**
 * Set buffer data length to zero
 */
@@ -388,6 +407,11 @@ public:
 Utils::burn(_b,sizeof(_b));
 }
 
+ /**
+ * @return Constant pointer to data in buffer
+ */
+ inline const void *data() const throw() { return _b; }
+
 /**
 * @return Size of data in buffer
 */
-- 
cgit v1.2.3
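Review bot: The exception text in behead() says "beyond capacity" while the check on the line above compares `at` against `_l`, the current data length, and the new @throw line itself documents the condition as "beyond size of buffer"; anyone debugging from the message would look at the wrong limit, so the line should read `throw std::out_of_range("Buffer: behead() beyond size");`. The compound assignment inside the argument list, `::memmove(_b,_b + at,_l -= at);`, is well-defined because no other argument reads `_l`, but it hides the length update; writing it as `_l -= at; ::memmove(_b,_b + at,_l);` moves the same bytes and makes the new length visible. The dynamic exception specification `throw(std::out_of_range)` matches the `throw()` style used elsewhere in this file, but such specifications are deprecated from C++11 and rejected by C++17 compilers, which is worth noting if the project plans to raise its standard level.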
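Review bot: The re-added `data()` returns `const void *` where the accessor removed in the first hunk returned `const unsigned char *`, so callers can no longer index the result without a cast; presumably that is intended to push byte access through the bounds-checked `field()`, and the doc comment should say so rather than leave readers guessing. A fuller comment would also state what the pointer covers and that `behead()` in the preceding hunk shifts the bytes it points at, e.g. `* @return Read-only pointer to the start of the buffer (the first _l bytes); contents move when behead() is called, and typed, bounds-checked access should go through field()`.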