TLS: server should die on junk

diff --git a/lib/tls.js b/lib/tls.js
index cb63384..14598d2 100644 (file)
--- a/lib/tls.js
+++ b/lib/tls.js
@@ -129,7 +129,12 @@ CryptoStream.prototype._blow = function() {
                                   pool.used + bytesRead,
                                   pool.length - pool.used - bytesRead);
       } catch (e) {
-        return this.pair._error(e);
+        if (this.pair._secureEstablished) {
+          this.pair._error(e);
+        } else {
+          this.pair._destroy();
+        }
+        return;
       }
       if (chunkBytes >= 0) {
         bytesRead += chunkBytes;
@@ -167,7 +172,12 @@ CryptoStream.prototype._suck = function() {
     try {
       rv = this._sucker(tmp);
     } catch (e) {
-      return this.pair._error(e);
+      if (this.pair._secureEstablished) {
+        this.pair._error(e);
+      } else {
+        this.pair._destroy();
+      }
+      return;
     }
 
     if (rv === 0) {

diff --git a/test/simple/test-tls-junk-closes-server.js b/test/simple/test-tls-junk-closes-server.js
new file mode 100644 (file)
index 0000000..57f216f
--- /dev/null
+++ b/test/simple/test-tls-junk-closes-server.js
@@ -0,0 +1,28 @@
+var common = require('../common');
+var tls = require('tls');
+var fs = require('fs');
+var net = require('net');
+
+var options = {
+  key: fs.readFileSync(common.fixturesDir + '/keys/agent2-key.pem'),
+  cert: fs.readFileSync(common.fixturesDir + '/keys/agent2-cert.pem')
+};
+
+var server = tls.createServer(function (s) {
+  s.write("welcome!\n");
+  s.pipe(s);
+});
+
+server.listen(common.PORT, function () {
+  var c = net.createConnection(common.PORT);
+
+  c.on('connect', function () {
+    c.write("blah\nblah\nblah\n");
+  });
+
+  c.on('end', function () {
+    server.close();
+  });
+
+});
+