Skip to content

Commit

Permalink
tls: refactor to avoid unsafe array iteration
Browse files Browse the repository at this point in the history
PR-URL: #36772
Reviewed-By: Rich Trott <[email protected]>
  • Loading branch information
aduh95 committed Jan 11, 2021
1 parent 6520a87 commit 307b79d
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 18 deletions.
25 changes: 13 additions & 12 deletions lib/_tls_common.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@
const {
ArrayIsArray,
ArrayPrototypeFilter,
ArrayPrototypeForEach,
ArrayPrototypeJoin,
ArrayPrototypePush,
ObjectCreate,
Expand Down Expand Up @@ -142,18 +143,18 @@ function processCiphers(ciphers) {
return { cipherList, cipherSuites };
}

function addCACerts(context, ...certs) {
for (const cert of certs) {
function addCACerts(context, certs) {
ArrayPrototypeForEach(certs, (cert) => {
validateKeyOrCertOption('ca', cert);
context.addCACert(cert);
}
});
}

function setCerts(context, ...certs) {
for (const cert of certs) {
function setCerts(context, certs) {
ArrayPrototypeForEach(certs, (cert) => {
validateKeyOrCertOption('cert', cert);
context.setCert(cert);
}
});
}

exports.createSecureContext = function createSecureContext(options) {
Expand Down Expand Up @@ -196,18 +197,18 @@ exports.createSecureContext = function createSecureContext(options) {
// change the checks to !== undefined checks.
if (ca) {
if (ArrayIsArray(ca))
addCACerts(c.context, ...ca);
else
addCACerts(c.context, ca);
else
addCACerts(c.context, [ca]);
} else {
c.context.addRootCerts();
}

if (cert) {
if (ArrayIsArray(cert))
setCerts(c.context, ...cert);
else
setCerts(c.context, cert);
else
setCerts(c.context, [cert]);
}

// Set the key after the cert.
Expand Down Expand Up @@ -318,15 +319,15 @@ exports.createSecureContext = function createSecureContext(options) {

if (pfx !== undefined) {
if (ArrayIsArray(pfx)) {
for (const val of pfx) {
ArrayPrototypeForEach(pfx, (val) => {
const raw = val.buf ? val.buf : val;
const pass = val.passphrase || passphrase;
if (pass !== undefined) {
c.context.loadPKCS12(toBuf(raw), toBuf(pass));
} else {
c.context.loadPKCS12(toBuf(raw));
}
}
});
} else if (passphrase) {
c.context.loadPKCS12(toBuf(pfx), toBuf(passphrase));
} else {
Expand Down
5 changes: 3 additions & 2 deletions lib/internal/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

const {
ArrayIsArray,
ArrayPrototypeForEach,
ArrayPrototypePush,
StringPrototypeIndexOf,
StringPrototypeSlice,
Expand All @@ -13,7 +14,7 @@ const {
// C=US\nST=CA\nL=SF\nO=Joyent\nOU=Node.js\nCN=ca1\[email protected]
function parseCertString(s) {
const out = ObjectCreate(null);
for (const part of StringPrototypeSplit(s, '\n')) {
ArrayPrototypeForEach(StringPrototypeSplit(s, '\n'), (part) => {
const sepIndex = StringPrototypeIndexOf(part, '=');
if (sepIndex > 0) {
const key = StringPrototypeSlice(part, 0, sepIndex);
Expand All @@ -27,7 +28,7 @@ function parseCertString(s) {
out[key] = value;
}
}
}
});
return out;
}

Expand Down
11 changes: 7 additions & 4 deletions lib/tls.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,13 +24,15 @@
const {
Array,
ArrayIsArray,
ArrayPrototypeForEach,
ArrayPrototypeIncludes,
ArrayPrototypeJoin,
ArrayPrototypePush,
ArrayPrototypeReduce,
ArrayPrototypeSome,
ObjectDefineProperty,
ObjectFreeze,
ReflectConstruct,
RegExpPrototypeTest,
StringFromCharCode,
StringPrototypeCharCodeAt,
Expand Down Expand Up @@ -214,7 +216,7 @@ function check(hostParts, pattern, wildcards) {
if (patternParts.length <= 2)
return false;

const [prefix, suffix] = patternSubdomainParts;
const { 0: prefix, 1: suffix } = patternSubdomainParts;

if (prefix.length + suffix.length > hostSubdomain.length)
return false;
Expand All @@ -239,7 +241,8 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
hostname = '' + hostname;

if (altNames) {
for (const name of StringPrototypeSplit(altNames, ', ')) {
const splitAltNames = StringPrototypeSplit(altNames, ', ');
ArrayPrototypeForEach(splitAltNames, (name) => {
if (StringPrototypeStartsWith(name, 'DNS:')) {
ArrayPrototypePush(dnsNames, StringPrototypeSlice(name, 4));
} else if (StringPrototypeStartsWith(name, 'URI:')) {
Expand All @@ -264,7 +267,7 @@ exports.checkServerIdentity = function checkServerIdentity(hostname, cert) {
} else if (StringPrototypeStartsWith(name, 'IP Address:')) {
ArrayPrototypePush(ips, canonicalizeIP(StringPrototypeSlice(name, 11)));
}
}
});
}

let valid = false;
Expand Down Expand Up @@ -359,7 +362,7 @@ exports.connect = _tls_wrap.connect;

exports.createSecurePair = internalUtil.deprecate(
function createSecurePair(...args) {
return new SecurePair(...args);
return ReflectConstruct(SecurePair, args);
},
'tls.createSecurePair() is deprecated. Please use ' +
'tls.TLSSocket instead.', 'DEP0064');

0 comments on commit 307b79d

Please sign in to comment.