Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 3170cb4

Browse filesBrowse files
Andre Jodat-DanbraniMylesBorins
Andre Jodat-Danbrani
authored and
MylesBorins
committed
tls: throw if protocol too long
The convertProtocols() function now throws a range error when the byte length of a protocol is too long to fit in a Buffer. Also added a test case in test/parallel/test-tls-basic-validations.js to cover this. PR-URL: #23606 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
1 parent 15d05bb commit 3170cb4
Copy full SHA for 3170cb4

File tree

Expand file treeCollapse file tree

3 files changed

+25
-4
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+25
-4
lines changed
Open diff view settings
Collapse file

‎lib/internal/errors.js‎

Copy file name to clipboardExpand all lines: lib/internal/errors.js
+4-3Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -834,10 +834,11 @@ E('ERR_NO_ICU',
834834
'%s is not supported on Node.js compiled without ICU', TypeError);
835835
E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported', Error);
836836
E('ERR_OUT_OF_RANGE',
837-
(name, range, value) => {
838-
let msg = `The value of "${name}" is out of range.`;
837+
(str, range, input, replaceDefaultBoolean = false) => {
838+
let msg = replaceDefaultBoolean ? str :
839+
`The value of "${str}" is out of range.`;
839840
if (range !== undefined) msg += ` It must be ${range}.`;
840-
msg += ` Received ${value}`;
841+
msg += ` Received ${input}`;
841842
return msg;
842843
}, RangeError);
843844
E('ERR_REQUIRE_ESM', 'Must use import to load ES Module: %s', Error);
Collapse file

‎lib/tls.js‎

Copy file name to clipboardExpand all lines: lib/tls.js
+8-1Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,10 @@
2121

2222
'use strict';
2323

24-
const { ERR_TLS_CERT_ALTNAME_INVALID } = require('internal/errors').codes;
24+
const {
25+
ERR_TLS_CERT_ALTNAME_INVALID,
26+
ERR_OUT_OF_RANGE
27+
} = require('internal/errors').codes;
2528
const internalUtil = require('internal/util');
2629
const internalTLS = require('internal/tls');
2730
internalUtil.assertCrypto();
@@ -59,6 +62,10 @@ function convertProtocols(protocols) {
5962
const lens = new Array(protocols.length);
6063
const buff = Buffer.allocUnsafe(protocols.reduce((p, c, i) => {
6164
var len = Buffer.byteLength(c);
65+
if (len > 255) {
66+
throw new ERR_OUT_OF_RANGE('The byte length of the protocol at index ' +
67+
`${i} exceeds the maximum length.`, '<= 255', len, true);
68+
}
6269
lens[i] = len;
6370
return p + 1 + len;
6471
}, 0));
Collapse file

‎test/parallel/test-tls-basic-validations.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-tls-basic-validations.js
+13Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -115,3 +115,16 @@ common.expectsError(
115115
tls.convertNPNProtocols(buffer, out);
116116
assert(out.NPNProtocols.equals(Buffer.from('abcd')));
117117
}
118+
119+
{
120+
const protocols = [(new String('a')).repeat(500)];
121+
const out = {};
122+
common.expectsError(
123+
() => tls.convertALPNProtocols(protocols, out),
124+
{
125+
code: 'ERR_OUT_OF_RANGE',
126+
message: 'The byte length of the protocol at index 0 exceeds the ' +
127+
'maximum length. It must be <= 255. Received 500'
128+
}
129+
);
130+
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.