tls: introduce ERR_TLS_INVALID_CONTEXT

Trott · targos · commit 7aa1df707679 · 2019-12-02T11:11:28.000+01:00
It is trivially possible to cause an internal assertion error with tls.createSecurePair(). Throw a friendly error instead. Reserve internal assertions for things that we believe to be impossible. PR-URL: #30718 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
diff --git a/doc/api/errors.md b/doc/api/errors.md
@@ -1809,6 +1809,14 @@ recommended to use 2048 bits or larger for stronger security.
 A TLS/SSL handshake timed out. In this case, the server must also abort the
 connection.
 
+<a id="ERR_TLS_INVALID_CONTEXT">
+### ERR_TLS_INVALID_CONTEXT
+<!-- YAML
+added: REPLACEME
+-->
+
+The context must be a `SecureContext`.
+
 <a id="ERR_TLS_INVALID_PROTOCOL_METHOD"></a>
 ### ERR_TLS_INVALID_PROTOCOL_METHOD
 
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -56,6 +56,7 @@ const{
 ERR_SOCKET_CLOSED,
 ERR_TLS_DH_PARAM_SIZE,
 ERR_TLS_HANDSHAKE_TIMEOUT,
+ ERR_TLS_INVALID_CONTEXT,
 ERR_TLS_RENEGOTIATION_DISABLED,
 ERR_TLS_REQUIRED_SERVER_NAME,
 ERR_TLS_SESSION_ATTACK,
@@ -517,8 +518,9 @@ TLSSocket.prototype._wrapHandle = function(wrap){
 options.credentials ||
 tls.createSecureContext(options);
 assert(handle.isStreamBase, 'handle must be a StreamBase');
- assert(context.context instanceof NativeSecureContext,
- 'context.context must be a NativeSecureContext');
+ if (!(context.context instanceof NativeSecureContext)){
+ throw new ERR_TLS_INVALID_CONTEXT('context');
+ }
 const res = tls_wrap.wrap(handle, context.context, !!options.isServer);
 res._parent = handle; // C++ "wrap" object: TCPWrap, JSStream, ...
 res._parentWrap = wrap; // JS object: net.Socket, JSStreamSocket, ...
diff --git a/lib/internal/errors.js b/lib/internal/errors.js
@@ -1169,6 +1169,7 @@ E('ERR_TLS_CERT_ALTNAME_INVALID', function(reason, host, cert){
 }, Error);
 E('ERR_TLS_DH_PARAM_SIZE', 'DH parameter size %s is less than 2048', Error);
 E('ERR_TLS_HANDSHAKE_TIMEOUT', 'TLS handshake timeout', Error);
+E('ERR_TLS_INVALID_CONTEXT', '%s must be a SecureContext', TypeError),
 E('ERR_TLS_INVALID_PROTOCOL_VERSION',
 '%j is not a valid %s TLS protocol version', TypeError);
 E('ERR_TLS_PROTOCOL_VERSION_CONFLICT',
diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js
@@ -78,9 +78,13 @@ common.expectsError(
 assert.throws(() => tls.createServer({ticketKeys: Buffer.alloc(0) }),
 /TypeError: Ticket keys length must be 48 bytes/);
 
-common.expectsInternalAssertion(
+assert.throws(
 () => tls.createSecurePair({}),
- 'context.context must be a NativeSecureContext'
+{
+ message: 'context must be a SecureContext',
+ code: 'ERR_TLS_INVALID_CONTEXT',
+ name: 'TypeError',
+ }
 );
 
{

-Original file line number
+Diff line change
 ERR_SOCKET_CLOSED,
 ERR_TLS_DH_PARAM_SIZE,
 ERR_TLS_HANDSHAKE_TIMEOUT,
 +ERR_TLS_INVALID_CONTEXT,
 ERR_TLS_RENEGOTIATION_DISABLED,
 ERR_TLS_REQUIRED_SERVER_NAME,
 ERR_TLS_SESSION_ATTACK,
 options.credentials||
 tls.createSecureContext(options);
 assert(handle.isStreamBase,'handle must be a StreamBase');
 -assert(context.contextinstanceofNativeSecureContext,
 -'context.context must be a NativeSecureContext');
 +if(!(context.contextinstanceofNativeSecureContext)){
 +thrownewERR_TLS_INVALID_CONTEXT('context');
 +}
 constres=tls_wrap.wrap(handle,context.context,!!options.isServer);
 res._parent=handle;// C++ "wrap" object: TCPWrap, JSStream, ...
 res._parentWrap=wrap;// JS object: net.Socket, JSStreamSocket, ...
-Original file line number
+Diff line change
 },Error);
 E('ERR_TLS_DH_PARAM_SIZE','DH parameter size %s is less than 2048',Error);
 E('ERR_TLS_HANDSHAKE_TIMEOUT','TLS handshake timeout',Error);
 +E('ERR_TLS_INVALID_CONTEXT','%s must be a SecureContext',TypeError),
 E('ERR_TLS_INVALID_PROTOCOL_VERSION',
 '%j is not a valid %s TLS protocol version',TypeError);
 E('ERR_TLS_PROTOCOL_VERSION_CONFLICT',