From 72d211b8a49f2b3f2945c8e8ab1b75aaad15ad4b Mon Sep 17 00:00:00 2001
From: Antoine du Hamel
Date: Tue, 20 Apr 2021 11:59:02 +0200
Subject: [PATCH] tls: validate ticket keys buffer

Fixes: https://github.com/nodejs/node/issues/38305
---
 doc/api/tls.md | 3 ++-
 lib/_tls_wrap.js | 3 +++
 test/parallel/test-tls-ticket-invalid-arg.js | 22 ++++++++++++++++++++
 3 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-tls-ticket-invalid-arg.js

diff --git a/doc/api/tls.md b/doc/api/tls.md
index 0b8795661b1002..432ffff8675c8e 100644
--- a/doc/api/tls.md
+++ b/doc/api/tls.md
@@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted.
 added: v3.0.0
 -->

-* `keys` {Buffer} A 48-byte buffer containing the session ticket keys.
+* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session
+ ticket keys.

 Sets the session ticket keys.

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index 9ecd92021de17f..bbcd62d9f046b0 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -1394,6 +1394,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() {


 Server.prototype.setTicketKeys = function setTicketKeys(keys) {
+ validateBuffer(keys);
+ assert(keys.byteLength === 48,
+ 'Session ticket keys must be a 48-byte buffer');
 this._sharedCreds.context.setTicketKeys(keys);
 };

diff --git a/test/parallel/test-tls-ticket-invalid-arg.js b/test/parallel/test-tls-ticket-invalid-arg.js
new file mode 100644
index 00000000000000..4a430d3b00b7b8
--- /dev/null
+++ b/test/parallel/test-tls-ticket-invalid-arg.js
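Review bot: In the lib/_tls_wrap.js hunk, `validateBuffer(keys)` is called without an argument name, so the type error reports a `"buffer"` argument (the new test matches that text) although the public parameter is `keys`; `validateBuffer(keys, 'keys');` would name the right argument. The length check uses `assert(...)`, which reports bad caller input as an assertion failure rather than as an argument error with a stable code; an `ERR_INVALID_ARG_VALUE`-style throw would suit input validation better, if that error class is in scope in this file. Only `setTicketKeys` is guarded here, so any other path that hands caller-supplied keys to `context.setTicketKeys` (for example a constructor option, not visible in this hunk) would presumably need the same two checks.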
@@ -0,0 +1,22 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) {
+ common.skip('missing crypto');
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, ''].forEach(
+ (arg) =>
+ assert.throws(() => {
+ new tls.Server().setTicketKeys(arg);
+ }, /"buffer" argument must be an instance of Buffer, TypedArray, or DataView/)
+);
+
+[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
+ (arg) =>
+ assert.throws(() => {
+ new tls.Server().setTicketKeys(arg);
+ }, /Session ticket keys must be a 48-byte buffer/)
+);
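Review bot: Every wrong-length input in the second list is shorter than 48 bytes (1, 1 and 2 bytes), so the test would still pass if the library check were `byteLength >= 48` or compared `length` instead of `byteLength`. Adding an over-length input such as `Buffer.alloc(49)` and a view whose element count differs from its byte size, e.g. `new Uint16Array(48)`, would pin the exact-size rule. There is also no accepting case; a line like `new tls.Server().setTicketKeys(Buffer.alloc(48));` (constructed value) would show that a correctly sized buffer still gets through. Matching on the error `code` instead of message text would keep the test stable if the wording changes.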