Skip to content

Commit

Permalink
crypto: handle i2d_SSL_SESSION() error return
Browse files Browse the repository at this point in the history
i2d_SSL_SESSION() can return a value <= 0 when the session is malformed
or otherwise invalid. Handle that case.

This change comes without a regression test because I couldn't figure
out a good way to generate an existing but invalid session in a timely
fashion.

Fixes: #29202

PR-URL: #29225
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
bnoordhuis authored and Trott committed Aug 23, 2019
1 parent 6726f56 commit ceace1f
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions src/node_crypto.cc
Original file line number Diff line number Diff line change
Expand Up @@ -2317,11 +2317,12 @@ void SSLWrap<Base>::GetSession(const FunctionCallbackInfo<Value>& args) {
return;

int slen = i2d_SSL_SESSION(sess, nullptr);
CHECK_GT(slen, 0);
if (slen <= 0)
return; // Invalid or malformed session.

AllocatedBuffer sbuf = env->AllocateManaged(slen);
unsigned char* p = reinterpret_cast<unsigned char*>(sbuf.data());
i2d_SSL_SESSION(sess, &p);
CHECK_LT(0, i2d_SSL_SESSION(sess, &p));
args.GetReturnValue().Set(sbuf.ToBuffer().ToLocalChecked());
}

Expand Down

0 comments on commit ceace1f

Please sign in to comment.