From 3170cb49d8b0e6fd7b95813eafc64f68b18ba762 Mon Sep 17 00:00:00 2001 From: Andre Jodat-Danbrani Date: Fri, 12 Oct 2018 14:44:10 -0400 Subject: [PATCH] tls: throw if protocol too long The convertProtocols() function now throws a range error when the byte length of a protocol is too long to fit in a Buffer. Also added a test case in test/parallel/test-tls-basic-validations.js to cover this. PR-URL: https://github.com/nodejs/node/pull/23606 Reviewed-By: Anna Henningsen Reviewed-By: James M Snell Reviewed-By: Matteo Collina Reviewed-By: Sakthipriyan Vairamani --- lib/internal/errors.js | 7 ++++--- lib/tls.js | 9 ++++++++- test/parallel/test-tls-basic-validations.js | 13 +++++++++++++ 3 files changed, 25 insertions(+), 4 deletions(-) diff --git a/lib/internal/errors.js b/lib/internal/errors.js index 9f5e6d696c3043..9ec369ce0a12b8 100644 --- a/lib/internal/errors.js +++ b/lib/internal/errors.js @@ -834,10 +834,11 @@ E('ERR_NO_ICU', '%s is not supported on Node.js compiled without ICU', TypeError); E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported', Error); E('ERR_OUT_OF_RANGE', - (name, range, value) => { - let msg = `The value of "${name}" is out of range.`; + (str, range, input, replaceDefaultBoolean = false) => { + let msg = replaceDefaultBoolean ? str : + `The value of "${str}" is out of range.`; if (range !== undefined) msg += ` It must be ${range}.`; - msg += ` Received ${value}`; + msg += ` Received ${input}`; return msg; }, RangeError); E('ERR_REQUIRE_ESM', 'Must use import to load ES Module: %s', Error); diff --git a/lib/tls.js b/lib/tls.js index 0324f6db877d48..b8de6efc8e402d 100644 --- a/lib/tls.js +++ b/lib/tls.js @@ -21,7 +21,10 @@ 'use strict'; -const { ERR_TLS_CERT_ALTNAME_INVALID } = require('internal/errors').codes; +const { + ERR_TLS_CERT_ALTNAME_INVALID, + ERR_OUT_OF_RANGE +} = require('internal/errors').codes; const internalUtil = require('internal/util'); const internalTLS = require('internal/tls'); internalUtil.assertCrypto(); @@ -59,6 +62,10 @@ function convertProtocols(protocols) { const lens = new Array(protocols.length); const buff = Buffer.allocUnsafe(protocols.reduce((p, c, i) => { var len = Buffer.byteLength(c); + if (len > 255) { + throw new ERR_OUT_OF_RANGE('The byte length of the protocol at index ' + + `${i} exceeds the maximum length.`, '<= 255', len, true); + } lens[i] = len; return p + 1 + len; }, 0)); diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js index 3840acc0243898..b5987251a71b13 100644 --- a/test/parallel/test-tls-basic-validations.js +++ b/test/parallel/test-tls-basic-validations.js @@ -115,3 +115,16 @@ common.expectsError( tls.convertNPNProtocols(buffer, out); assert(out.NPNProtocols.equals(Buffer.from('abcd'))); } + +{ + const protocols = [(new String('a')).repeat(500)]; + const out = {}; + common.expectsError( + () => tls.convertALPNProtocols(protocols, out), + { + code: 'ERR_OUT_OF_RANGE', + message: 'The byte length of the protocol at index 0 exceeds the ' + + 'maximum length. It must be <= 255. Received 500' + } + ); +}