Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 5b393d9

Browse filesBrowse files
aduh95targos
aduh95
authored and
targos
committed
tls: validate ticket keys buffer
Fixes: #38305 PR-URL: #38308 Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
1 parent 1cccc2d commit 5b393d9
Copy full SHA for 5b393d9

File tree

Expand file treeCollapse file tree

3 files changed

+29
-1
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

3 files changed

+29
-1
lines changed
Open diff view settings
Collapse file

‎doc/api/tls.md‎

Copy file name to clipboardExpand all lines: doc/api/tls.md
+2-1Lines changed: 2 additions & 1 deletion
  • Display the source diff
  • Display the rich diff
Original file line numberDiff line numberDiff line change
@@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted.
730730
added: v3.0.0
731731
-->
732732

733-
* `keys` {Buffer} A 48-byte buffer containing the session ticket keys.
733+
* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session
734+
ticket keys.
734735

735736
Sets the session ticket keys.
736737

Collapse file

‎lib/_tls_wrap.js‎

Copy file name to clipboardExpand all lines: lib/_tls_wrap.js
+3Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1396,6 +1396,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() {
13961396

13971397

13981398
Server.prototype.setTicketKeys = function setTicketKeys(keys) {
1399+
validateBuffer(keys);
1400+
assert(keys.byteLength === 48,
1401+
'Session ticket keys must be a 48-byte buffer');
13991402
this._sharedCreds.context.setTicketKeys(keys);
14001403
};
14011404

Collapse file

‎test/parallel/test-tls-ticket-invalid-arg.js‎

Copy file name to clipboard
+24Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
'use strict';
2+
const common = require('../common');
3+
if (!common.hasCrypto) {
4+
common.skip('missing crypto');
5+
}
6+
7+
const assert = require('assert');
8+
const tls = require('tls');
9+
10+
const server = new tls.Server();
11+
12+
[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, '', () => {}]
13+
.forEach((arg) =>
14+
assert.throws(
15+
() => server.setTicketKeys(arg),
16+
{ code: 'ERR_INVALID_ARG_TYPE' }
17+
));
18+
19+
[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
20+
(arg) =>
21+
assert.throws(() => {
22+
server.setTicketKeys(arg);
23+
}, /Session ticket keys must be a 48-byte buffer/)
24+
);

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.