From e151e909fd2918effd9349079d07cd4e7b5c36fb Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Tue, 20 Apr 2021 11:59:02 +0200 Subject: [PATCH] tls: validate ticket keys buffer Fixes: https://github.com/nodejs/node/issues/38305 PR-URL: https://github.com/nodejs/node/pull/38308 Reviewed-By: Darshan Sen Reviewed-By: Luigi Pinca Reviewed-By: James M Snell --- doc/api/tls.md | 3 ++- lib/_tls_wrap.js | 3 +++ test/parallel/test-tls-ticket-invalid-arg.js | 24 ++++++++++++++++++++ 3 files changed, 29 insertions(+), 1 deletion(-) create mode 100644 test/parallel/test-tls-ticket-invalid-arg.js diff --git a/doc/api/tls.md b/doc/api/tls.md index 0b8795661b1002..432ffff8675c8e 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted. added: v3.0.0 --> -* `keys` {Buffer} A 48-byte buffer containing the session ticket keys. +* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session + ticket keys. Sets the session ticket keys. diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index a54bd0d0d35777..66ebc7b77869f7 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -1396,6 +1396,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() { Server.prototype.setTicketKeys = function setTicketKeys(keys) { + validateBuffer(keys); + assert(keys.byteLength === 48, + 'Session ticket keys must be a 48-byte buffer'); this._sharedCreds.context.setTicketKeys(keys); }; diff --git a/test/parallel/test-tls-ticket-invalid-arg.js b/test/parallel/test-tls-ticket-invalid-arg.js new file mode 100644 index 00000000000000..55143cdca31e77 --- /dev/null +++ b/test/parallel/test-tls-ticket-invalid-arg.js 
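Review bot: In the `lib/_tls_wrap.js` hunk, the 48-byte check in `setTicketKeys` is done with `assert(...)`, so a caller passing a wrong-sized key gets an assertion failure rather than a coded argument error like the `ERR_INVALID_ARG_TYPE` that `validateBuffer(keys)` raises one line earlier. Which `assert` is in scope is not visible in the hunk; if it is the internal assertion helper, the failure will read as a Node.js bug instead of bad input. Code that rotates session ticket keys needs to tell a rejected key from an internal fault, so I would throw an argument error instead, e.g. `if (keys.byteLength !== 48) throw new ERR_INVALID_ARG_VALUE('keys', keys.byteLength, 'must be exactly 48 bytes');`, assuming that error class is or can be imported in this file. Pass the length rather than `keys` itself as the reported value, so key material never lands in an error message or log.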
@@ -0,0 +1,24 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) {
+ common.skip('missing crypto');
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+const server = new tls.Server();
+
+[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, '', () => {}]
+ .forEach((arg) =>
+ assert.throws(
+ () => server.setTicketKeys(arg),
+ { code: 'ERR_INVALID_ARG_TYPE' }
+ ));
+
+[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
+ (arg) =>
+ assert.throws(() => {
+ server.setTicketKeys(arg);
+ }, /Session ticket keys must be a 48-byte buffer/)
+);
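Review bot: The second loop only exercises inputs shorter than 48 bytes (1, 1 and 2 bytes), so neither an over-long key nor the accepted case is tested; a check mistakenly written as `< 48` would still pass this file. I would add a 49-byte input to the rejecting list, e.g. `Buffer.alloc(49)`, and a positive case for each type the docs now list, e.g. `server.setTicketKeys(new DataView(new ArrayBuffer(48)));`. The length rejection is also matched on message text only, whereas the first loop matches on `code`; asserting a code or error name here too would keep the test meaningful if the wording changes.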