author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-04-12 22:10:59 +0200 |
---|---|---|
committer | Myles Borins <mylesborins@google.com> | 2018-06-12 20:46:09 -0400 |
commit | 785e5ba48cb57a05c9c0966a502d34ac03084561 (patch) | |
tree | dab489f7db38382c98a4544fe46390fc7123db77 /test/parallel/test-tls-write-error.js | |
parent | 0cb3325f124805c0f8911627a38cfb34be35b675 (diff) | |
test: add tls write error regression test
Add a mock TLS socket implementation and a regression test for
the previous commit.
Refs: https://github.com/nodejs-private/security/issues/189
PR-URL: https://github.com/nodejs-private/node-private/pull/127
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Diffstat (limited to 'test/parallel/test-tls-write-error.js')
-rw-r--r-- | test/parallel/test-tls-write-error.js | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/test/parallel/test-tls-write-error.js b/test/parallel/test-tls-write-error.js
new file mode 100644
index 0000000000..2783e62d06
--- /dev/null
+++ b/test/parallel/test-tls-write-error.js
@@ -0,0 +1,55 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+ common.skip('missing crypto');
+
+const { TestTLSSocket, ccs } = require('../common/tls');
+const fixtures = require('../common/fixtures');
+const https = require('https');
+
+// Regression test for an use-after-free bug in the TLS implementation that
+// would occur when `SSL_write()` failed.
+// Refs: https://github.com/nodejs-private/security/issues/189
+
+const server_key = fixtures.readKey('agent1-key.pem');
+const server_cert = fixtures.readKey('agent1-cert.pem');
+
+const opts = {
+ key: server_key,
+ cert: server_cert
+};
+
+const server = https.createServer(opts, (req, res) => {
+ res.write('hello');
+}).listen(0, common.mustCall(() => {
+ const client = new TestTLSSocket(server_cert);
+
+ client.connect({
+ host: 'localhost',
+ port: server.address().port
+ }, common.mustCall(() => {
+ const ch = client.createClientHello();
+ client.write(ch);
+ }));
+
+ client.once('data', common.mustCall((buf) => {
+ let remaining = buf;
+ do {
+ remaining = client.parseTLSFrame(remaining);
+ } while (remaining.length > 0);
+
+ const cke = client.createClientKeyExchange();
+ const finished = client.createFinished();
+ const ill = client.createIllegalHandshake();
+ const frames = Buffer.concat([
+ cke,
+ ccs,
+ client.encrypt(finished),
+ client.encrypt(ill)
+ ]);
+ client.write(frames, common.mustCall(() => {
+ client.end();
+ server.close();
+ }));
+ }));
+})); |
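Review bot: The test has no explicit assertion tied to the bug: after `client.write(frames, ...)` it only calls `client.end()` and `server.close()`, so it passes whenever the process survives, and a use-after-free does not necessarily crash a build that runs without a memory checker. A comment above the final write would make the pass condition explicit, for example `// Passing means the server process survived the failed SSL_write(); a sanitizer build gives the reliable signal.` The `once('data')` handler presumably also assumes the server's whole first flight arrives in a single chunk (`parseTLSFrame` lives in `../common/tls`, which is not shown here), which could make the test flaky if the records are split. The request handler around `res.write('hello')` is wrapped in neither `common.mustCall` nor `common.mustNotCall`, so the file does not say whether reaching it is part of the reproduction.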