Bud – A TLS terminating proxy

Love bud! Fedor does a massive amount of the work on node&#x27;s TLS implementation. I recently remarked to him that that bud&#x27;s OCSP code would be better as a separate module - merely as a suggestion - and the next thing I knew <a href="https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;ocsp" rel="nofollow">https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;ocsp</a> was released.<p>bud is one of the few node based TLS terminators and easily the best maintained. Modulus (the hosting company) use a Go based implementation. I think Nodejitsu had a node TLS terminator too but I&#x27;m not sure what happened to it post-GoDaddy.

If you&#x27;re running a release build with asserts turned off, and the connection uses SPDY, and the length of the domain name of the host is in the valid range of 245-253 bytes, then it looks like you can overwrite the stack at line 158 of xforward.c, at<p><pre><code> memcpy(frame + 12, client-&gt;remote.host, client-&gt;remote.host_len); </code></pre> It&#x27;s 2015. One should not be hand-coding string manipulation at the pointer level.

The author of Bud is Fedor Indutny who won the CloudFlare Heartbleed Challenge (<a href="https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;the-results-of-the-cloudflare-challenge&#x2F;" rel="nofollow">https:&#x2F;&#x2F;blog.cloudflare.com&#x2F;the-results-of-the-cloudflare-ch...</a>).

Is there a feature-based reason to use this over HAProxy or nginx, or is this a &quot;it&#x27;s written in Node&quot; thing?

Name clash with <a href="https:&#x2F;&#x2F;github.com&#x2F;bloom-lang&#x2F;bud" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;bloom-lang&#x2F;bud</a> is unfortunate.