tls: throw if protocol too long

The convertProtocols() function now throws a range error when the byte length of a protocol is too long to fit in a Buffer. Also added a test case in test/parallel/test-tls-basic-validations.js to cover this. PR-URL: https://github.com/nodejs/node/pull/23606 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
2024-11-21 10:59:27 +00:00 · 2018-10-12 14:44:10 -04:00 · 2018-10-12 14:44:10 -04:00 · cdba3c1de0
commit cdba3c1de0
parent 51cd9719b5
3 changed files with 25 additions and 4 deletions
--- a/lib/internal/errors.js
+++ b/lib/internal/errors.js
@ -825,10 +825,11 @@ E('ERR_NO_ICU',
  '%s is not supported on Node.js compiled without ICU', TypeError);
 E('ERR_NO_LONGER_SUPPORTED', '%s is no longer supported', Error);
 E('ERR_OUT_OF_RANGE',
-  (name, range, value) => {
-    let msg = `The value of "${name}" is out of range.`;
+  (str, range, input, replaceDefaultBoolean = false) => {
+    let msg = replaceDefaultBoolean ? str :
+      `The value of "${str}" is out of range.`;
    if (range !== undefined) msg += ` It must be ${range}.`;
-    msg += ` Received ${value}`;
+    msg += ` Received ${input}`;
    return msg;
  }, RangeError);
 E('ERR_REQUIRE_ESM', 'Must use import to load ES Module: %s', Error);
--- a/lib/tls.js
+++ b/lib/tls.js
@ -21,7 +21,10 @@

 'use strict';

-const { ERR_TLS_CERT_ALTNAME_INVALID } = require('internal/errors').codes;
+const {
+  ERR_TLS_CERT_ALTNAME_INVALID,
+  ERR_OUT_OF_RANGE
+} = require('internal/errors').codes;
 const internalUtil = require('internal/util');
 const internalTLS = require('internal/tls');
 internalUtil.assertCrypto();
@ -60,6 +63,10 @@ function convertProtocols(protocols) {
  const lens = new Array(protocols.length);
  const buff = Buffer.allocUnsafe(protocols.reduce((p, c, i) => {
    var len = Buffer.byteLength(c);
+    if (len > 255) {
+      throw new ERR_OUT_OF_RANGE('The byte length of the protocol at index ' +
+        `${i} exceeds the maximum length.`, '<= 255', len, true);
+    }
    lens[i] = len;
    return p + 1 + len;
  }, 0));
--- a/test/parallel/test-tls-basic-validations.js
+++ b/test/parallel/test-tls-basic-validations.js
@ -102,3 +102,16 @@ common.expectsError(
    assert(out.ALPNProtocols.equals(Buffer.from(expectView)));
  }
 }
+
+{
+  const protocols = [(new String('a')).repeat(500)];
+  const out = {};
+  common.expectsError(
+    () => tls.convertALPNProtocols(protocols, out),
+    {
+      code: 'ERR_OUT_OF_RANGE',
+      message: 'The byte length of the protocol at index 0 exceeds the ' +
+        'maximum length. It must be <= 255. Received 500'
+    }
+  );
+}