crypto: fix another over-run in bio

indutny · indutny · commit e5791f74f0bb · 2013-08-03T14:04:55.000+04:00
When doing `FreeEmpty`, `NodeBIO` skips pre-allocated `head_` buffer.
However this might lead to double-freeing buffers since in `~NodeBIO()`
we're starting deallocation from `head_` buffer.
diff --git a/src/node_crypto_bio.cc b/src/node_crypto_bio.cc
@@ -232,21 +232,24 @@ void NodeBIO::FreeEmpty() {
   if (cur == write_head_ || cur == read_head_)
     return;
 
+  Buffer* prev = child;
   while (cur != read_head_) {
-    // Skip embedded buffer
+    // Skip embedded buffer, and continue deallocating again starting from it
     if (cur == &head_) {
+      prev->next_ = cur;
+      prev = cur;
       cur = head_.next_;
       continue;
     }
     assert(cur != write_head_);
     assert(cur->write_pos_ == cur->read_pos_);
 
     Buffer* next = cur->next_;
-    child->next_ = next;
     delete cur;
-
     cur = next;
   }
+  assert(prev == child || prev == &head_);
+  prev->next_ = cur;
 }
 
 
