From c841b5a6b9546d24a41bd3d400c2b13c37eb0b17 Mon Sep 17 00:00:00 2001
From: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Date: Thu, 11 Aug 2016 00:46:06 +0530
Subject: [PATCH] tls: copy the Buffer object before using

`convertNPNProtocols` and `convertALPNProtocols' uses the `protocols`
buffer object as it is, and if it is modified outside of core, it
might have an impact. This patch makes a copy of the buffer object,
before using it.

PR-URL: https://github.com/nodejs/node/pull/8055
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
---
 lib/tls.js                                  |  2 +-
 test/parallel/test-tls-basic-validations.js | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-tls-basic-validations.js

diff --git a/lib/tls.js b/lib/tls.js
index 3e45429072745b..2f41dc1f328ccf 100644
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -52,7 +52,7 @@ exports.convertNPNProtocols = function convertNPNProtocols(NPNProtocols, out) {
 
   // If it's already a Buffer - store it
   if (NPNProtocols instanceof Buffer) {
-    out.NPNProtocols = NPNProtocols;
+    out.NPNProtocols = Buffer.from(NPNProtocols);
   }
 };
 
diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
new file mode 100644
index 00000000000000..c3ebabc9e6f43d
--- /dev/null
+++ b/test/parallel/test-tls-basic-validations.js
@@ -0,0 +1,19 @@
+'use strict';
+
+const common = require('../common');
+if (!common.hasCrypto) {
+  common.skip('missing crypto');
+  return;
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+{
+  const buffer = Buffer.from('abcd');
+  const out = {};
+  tls.convertNPNProtocols(buffer, out);
+  out.NPNProtocols.write('efgh');
+  assert(buffer.equals(Buffer.from('abcd')));
+  assert(out.NPNProtocols.equals(Buffer.from('efgh')));
+}