fix(runtime/tls): handle invalid host for connectTls/startTls (#9453)

2024-11-22 04:51:22 +00:00 · 2021-02-11 03:45:10 -08:00 · 2021-02-11 03:45:10 -08:00 · a097c4089b
commit a097c4089b
parent 61108935f1
2 changed files with 22 additions and 4 deletions
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@ -20,6 +20,24 @@ unitTest(async function connectTLSNoPerm(): Promise<void> {
  }, Deno.errors.PermissionDenied);
 });

+unitTest(
+  { perms: { read: true, net: true } },
+  async function connectTLSInvalidHost(): Promise<void> {
+    const listener = await Deno.listenTls({
+      hostname: "localhost",
+      port: 3567,
+      certFile: "cli/tests/tls/localhost.crt",
+      keyFile: "cli/tests/tls/localhost.key",
+    });
+
+    await assertThrowsAsync(async () => {
+      await Deno.connectTls({ hostname: "127.0.0.1", port: 3567 });
+    }, Error);
+
+    listener.close();
+  },
+);
+
 unitTest(async function connectTLSCertFileNoReadPerm(): Promise<void> {
  await assertThrowsAsync(async () => {
    await Deno.connectTls({
--- a/runtime/ops/tls.rs
+++ b/runtime/ops/tls.rs
@ -140,8 +140,8 @@ async fn op_start_tls(
  }

  let tls_connector = TlsConnector::from(Arc::new(config));
-  let dnsname =
-    DNSNameRef::try_from_ascii_str(&domain).expect("Invalid DNS lookup");
+  let dnsname = DNSNameRef::try_from_ascii_str(&domain)
+    .map_err(|_| generic_error("Invalid DNS lookup"))?;
  let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;

  let rid = {
@ -202,8 +202,8 @@ async fn op_connect_tls(
    config.root_store.add_pem_file(reader).unwrap();
  }
  let tls_connector = TlsConnector::from(Arc::new(config));
-  let dnsname =
-    DNSNameRef::try_from_ascii_str(&domain).expect("Invalid DNS lookup");
+  let dnsname = DNSNameRef::try_from_ascii_str(&domain)
+    .map_err(|_| generic_error("Invalid DNS lookup"))?;
  let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;
  let rid = {
    let mut state_ = state.borrow_mut();