diff options
| author | Rich Trott <rtrott@gmail.com> | 2019-11-29 12:02:04 -0800 |
|---|---|---|
| committer | Rich Trott <rtrott@gmail.com> | 2019-12-01 12:07:14 -0800 |
| commit | d25db11312e9ef4392042380b812359fad103707 (patch) | |
| tree | 9ecc10f34c7fc7deeb2084cb95f64df577d04243 /lib | |
| parent | 7da6630aa4a3ba7f866be3af83ccd812102c281b (diff) | |
| download | android-node-v8-d25db11312e9ef4392042380b812359fad103707.tar.gz android-node-v8-d25db11312e9ef4392042380b812359fad103707.tar.bz2 android-node-v8-d25db11312e9ef4392042380b812359fad103707.zip | |
tls: introduce ERR_TLS_INVALID_CONTEXT
It is trivially possible to cause an internal assertion error with
tls.createSecurePair(). Throw a friendly error instead. Reserve internal
assertions for things that we believe to be impossible.
PR-URL: https://github.com/nodejs/node/pull/30718
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/_tls_wrap.js | 6 | ||||
| -rw-r--r-- | lib/internal/errors.js | 1 |
2 files changed, 5 insertions, 2 deletions
diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index 6f08f91c43..530a41a1e8 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -56,6 +56,7 @@ const { ERR_SOCKET_CLOSED, ERR_TLS_DH_PARAM_SIZE, ERR_TLS_HANDSHAKE_TIMEOUT, + ERR_TLS_INVALID_CONTEXT, ERR_TLS_RENEGOTIATION_DISABLED, ERR_TLS_REQUIRED_SERVER_NAME, ERR_TLS_SESSION_ATTACK, @@ -517,8 +518,9 @@ TLSSocket.prototype._wrapHandle = function(wrap) { options.credentials || tls.createSecureContext(options); assert(handle.isStreamBase, 'handle must be a StreamBase'); - assert(context.context instanceof NativeSecureContext, - 'context.context must be a NativeSecureContext'); + if (!(context.context instanceof NativeSecureContext)) { + throw new ERR_TLS_INVALID_CONTEXT('context'); + } const res = tls_wrap.wrap(handle, context.context, !!options.isServer); res._parent = handle; // C++ "wrap" object: TCPWrap, JSStream, ... res._parentWrap = wrap; // JS object: net.Socket, JSStreamSocket, ... diff --git a/lib/internal/errors.js b/lib/internal/errors.js index 88a38f5e1d..f85253ec44 100644 --- a/lib/internal/errors.js +++ b/lib/internal/errors.js @@ -1169,6 +1169,7 @@ E('ERR_TLS_CERT_ALTNAME_INVALID', function(reason, host, cert) { }, Error); E('ERR_TLS_DH_PARAM_SIZE', 'DH parameter size %s is less than 2048', Error); E('ERR_TLS_HANDSHAKE_TIMEOUT', 'TLS handshake timeout', Error); +E('ERR_TLS_INVALID_CONTEXT', '%s must be a SecureContext', TypeError), E('ERR_TLS_INVALID_PROTOCOL_VERSION', '%j is not a valid %s TLS protocol version', TypeError); E('ERR_TLS_PROTOCOL_VERSION_CONFLICT', |