1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

tls: use validateFunction for options.checkServerIdentity

Browse Source 
If user uses invalid type for `options.checkServerIdentity`
in tls.connect(), it's not internal issue of Node.js. So
validateFunction() is more proper than assert().

Fixes: https://github.com/nodejs/node/issues/49839
PR-URL: https://github.com/nodejs/node/pull/49896
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
This commit is contained in:
Deokjin Kim 2023-10-01 07:38:10 +09:00 committed by GitHub
parent e6e320ecc7
commit 092fb9f541
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/_tls_wrap.js
View File

@ -1738,7 +1738,7 @@ exports.connect = function connect(...args) {
if (!options.keepAlive) if (!options.keepAlive)
options.singleUse = true; options.singleUse = true;
assert(typeof options.checkServerIdentity === 'function'); validateFunction(options.checkServerIdentity, 'options.checkServerIdentity');
assert(typeof options.minDHSize === 'number', assert(typeof options.minDHSize === 'number',
'options.minDHSize is not a number: ' + options.minDHSize); 'options.minDHSize is not a number: ' + options.minDHSize);
assert(options.minDHSize > 0, assert(options.minDHSize > 0,

9
test/parallel/test-tls-basic-validations.js
View File

@ -135,3 +135,12 @@ assert.throws(() => { tls.createSecureContext({ maxVersion: 'fhqwhgads' }); },
code: 'ERR_TLS_INVALID_PROTOCOL_VERSION', code: 'ERR_TLS_INVALID_PROTOCOL_VERSION',
name: 'TypeError' name: 'TypeError'
}); });
for (const checkServerIdentity of [undefined, null, 1, true]) {
assert.throws(() => {
tls.connect({ checkServerIdentity });
}, {
code: 'ERR_INVALID_ARG_TYPE',
name: 'TypeError',
});
}