tls: throw if protocol too long

Andre Jodat-Danbrani · MylesBorins · commit 3170cb49d8b0 · 2018-12-26T11:18:45.000-05:00
The convertProtocols() function now throws a range error when the byte length of a protocol is too long to fit in a Buffer. Also added a test case in test/parallel/test-tls-basic-validations.js to cover this. PR-URL: #23606 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
@@ -834,10 +834,11 @@ E('ERR_NO_ICU',
 '%s is not supported on Node.js compiled without ICU', TypeError);
 E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported', Error);
 E('ERR_OUT_OF_RANGE',
- (name, range, value) =>{
- let msg = `The value of "${name}" is out of range.`;
+ (str, range, input, replaceDefaultBoolean = false) =>{
+ let msg = replaceDefaultBoolean ? str :
+ `The value of "${str}" is out of range.`;
 if (range !== undefined) msg += ` It must be ${range}.`;
- msg += ` Received ${value}`;
+ msg += ` Received ${input}`;
 return msg;
 }, RangeError);
 E('ERR_REQUIRE_ESM', 'Must use import to load ES Module: %s', Error);
diff --git a/lib/tls.js b/lib/tls.js
@@ -21,7 +21,10 @@
 
 'use strict';
 
-const{ERR_TLS_CERT_ALTNAME_INVALID } = require('internal/errors').codes;
+const{
+ ERR_TLS_CERT_ALTNAME_INVALID,
+ ERR_OUT_OF_RANGE
+} = require('internal/errors').codes;
 const internalUtil = require('internal/util');
 const internalTLS = require('internal/tls');
 internalUtil.assertCrypto();
@@ -59,6 +62,10 @@ function convertProtocols(protocols){
 const lens = new Array(protocols.length);
 const buff = Buffer.allocUnsafe(protocols.reduce((p, c, i) =>{
 var len = Buffer.byteLength(c);
+ if (len > 255){
+ throw new ERR_OUT_OF_RANGE('The byte length of the protocol at index ' +
+ `${i} exceeds the maximum length.`, '<= 255', len, true);
+ }
 lens[i] = len;
 return p + 1 + len;
 }, 0));
diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
@@ -115,3 +115,16 @@ common.expectsError(
 tls.convertNPNProtocols(buffer, out);
 assert(out.NPNProtocols.equals(Buffer.from('abcd')));
 }
+
+{
+ const protocols = [(new String('a')).repeat(500)];
+ const out ={};
+ common.expectsError(
+ () => tls.convertALPNProtocols(protocols, out),
+{
+ code: 'ERR_OUT_OF_RANGE',
+ message: 'The byte length of the protocol at index 0 exceeds the ' +
+ 'maximum length. It must be <= 255. Received 500'
+ }
+ );
+}

-Original file line number
+Diff line change
 '%s is not supported on Node.js compiled without ICU',TypeError);
 E('ERR_NO_LONGER_SUPPORTED','%s is no longer supported',Error);
 E('ERR_OUT_OF_RANGE',
 -(name,range,value)=>{
 -letmsg=`The value of "${name}" is out of range.`;
 +(str,range,input,replaceDefaultBoolean=false)=>{
 +letmsg=replaceDefaultBoolean ? str :
 +`The value of "${str}" is out of range.`;
 if(range!==undefined)msg+=` It must be ${range}.`;
 -msg+=` Received ${value}`;
 +msg+=` Received ${input}`;
 returnmsg;
 },RangeError);
 E('ERR_REQUIRE_ESM','Must use import to load ES Module: %s',Error);
-Original file line number
+Diff line change
 'use strict';
 -const{ERR_TLS_CERT_ALTNAME_INVALID}=require('internal/errors').codes;
 +const{
 +ERR_TLS_CERT_ALTNAME_INVALID,
 +ERR_OUT_OF_RANGE
 +}=require('internal/errors').codes;
 constinternalUtil=require('internal/util');
 constinternalTLS=require('internal/tls');
 internalUtil.assertCrypto();
 constlens=newArray(protocols.length);
 constbuff=Buffer.allocUnsafe(protocols.reduce((p,c,i)=>{
 varlen=Buffer.byteLength(c);
 +if(len>255){
 +thrownewERR_OUT_OF_RANGE('The byte length of the protocol at index '+
 +`${i} exceeds the maximum length.`,'<= 255',len,true);
 +}
 lens[i]=len;
 returnp+1+len;
 },0));