author | Jimmy Cann <mail@jimmycann.com> | 2017-08-14 00:24:12 +1000 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2017-08-27 10:53:32 -0300 |
commit | a7dccd040d72ce7de61d9160ec031420c52a49d4 (patch) | |
tree | 800671809fc2b5af3498e185ebc7cee8ae2b28ec /lib/_tls_common.js | |
parent | 0097794922d29692b3487eccf5c6204fe230543d (diff) | |
tls: type checking for `key`, `cert` and `ca` options
PR-URL: https://github.com/nodejs/node/pull/14807
Fixes: https://github.com/nodejs/node/issues/12802
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Roman Reiss <me@silverwind.io>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Diffstat (limited to 'lib/_tls_common.js')
-rw-r--r-- | lib/_tls_common.js | 34 |
1 files changed, 24 insertions, 10 deletions
diff --git a/lib/_tls_common.js b/lib/_tls_common.js
index 36b2ebdad6..d2de21dd06 100644
--- a/lib/_tls_common.js
+++ b/lib/_tls_common.js
@@ -22,6 +22,7 @@
 'use strict';
 const tls = require('tls');
+const errors = require('internal/errors');
 const SSL_OP_CIPHER_SERVER_PREFERENCE = process.binding('constants').crypto.SSL_OP_CIPHER_SERVER_PREFERENCE;
@@ -52,6 +53,14 @@ function SecureContext(secureProtocol, secureOptions, context) {
 if (secureOptions) this.context.setOptions(secureOptions);
 }
+function validateKeyCert(value, type) {
+ if (typeof value !== 'string' && !ArrayBuffer.isView(value))
+ throw new errors.TypeError(
+ 'ERR_INVALID_ARG_TYPE', type,
+ ['string', 'Buffer', 'TypedArray', 'DataView']
+ );
+}
+
 exports.SecureContext = SecureContext;
@@ -71,10 +80,12 @@ exports.createSecureContext = function createSecureContext(options, context) {
 // cert's issuer in C++ code.
 if (options.ca) {
 if (Array.isArray(options.ca)) {
- for (i = 0; i < options.ca.length; i++) {
- c.context.addCACert(options.ca[i]);
- }
+ options.ca.forEach((ca) => {
+ validateKeyCert(ca, 'ca');
+ c.context.addCACert(ca);
+ });
 } else {
+ validateKeyCert(options.ca, 'ca');
 c.context.addCACert(options.ca);
 }
 } else {
@@ -83,9 +94,12 @@ exports.createSecureContext = function createSecureContext(options, context) {
 if (options.cert) {
 if (Array.isArray(options.cert)) {
- for (i = 0; i < options.cert.length; i++)
- c.context.setCert(options.cert[i]);
+ options.cert.forEach((cert) => {
+ validateKeyCert(cert, 'cert');
+ c.context.setCert(cert);
+ });
 } else {
+ validateKeyCert(options.cert, 'cert');
 c.context.setCert(options.cert);
 }
 }
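Review bot: `validateKeyCert` in the `@@ -52,6 +53,14 @@` hunk is undocumented, and its second parameter is named `type` although the callers added by this patch pass the option name (`'ca'`, `'cert'`, `'key'`) that is reported in the ERR_INVALID_ARG_TYPE error. I would rename it to `name` and add a comment above the function such as `// Throws ERR_INVALID_ARG_TYPE unless value is a string or an ArrayBufferView; content is not inspected here.` That tells later readers this is a JS-type gate only, and that any check of the key or certificate material itself is left to the `c.context` calls.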
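Review bot: The `validateKeyCert(…, 'ca')` calls added in the `@@ -71,10 +80,12 @@` hunk sit inside `if (options.ca)`, so a falsy `ca` (`''`, `0`, `false`) skips both the type check and `addCACert` and takes the `else` branch, whose body lies outside the hunk. For a trust-anchor option that is the case worth catching: a configuration meant to pin a CA that resolved to an empty or wrong-typed value would be accepted silently and would presumably get whatever that `else` branch installs instead. Consider testing presence explicitly, `if (options.ca !== undefined && options.ca !== null) {`, so that every supplied value reaches the validator. The same truthiness guard wraps the new `cert` checks in `@@ -83,9 +94,12 @@` and the new `key` checks in `@@ -96,12 +110,12 @@`.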
@@ -96,12 +110,12 @@ exports.createSecureContext = function createSecureContext(options, context) {
 // which leads to the crash later on.
 if (options.key) {
 if (Array.isArray(options.key)) {
- for (i = 0; i < options.key.length; i++) {
- const key = options.key[i];
- const passphrase = key.passphrase || options.passphrase;
- c.context.setKey(key.pem || key, passphrase);
- }
+ options.key.forEach((k) => {
+ validateKeyCert(k.pem || k, 'key');
+ c.context.setKey(k.pem || k, k.passphrase || options.passphrase);
+ });
 } else {
+ validateKeyCert(options.key, 'key');
 c.context.setKey(options.key, options.passphrase);
 }
 } |
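Review bot: In the array branch, `k.pem || k` is evaluated before `validateKeyCert` runs, so a `null` or `undefined` element in `options.key` fails with the engine's property-access TypeError rather than ERR_INVALID_ARG_TYPE. Resolving the value once closes that gap and avoids computing it twice: `const pem = (k && k.pem) || k;`, then `validateKeyCert(pem, 'key');` and `c.context.setKey(pem, k.passphrase || options.passphrase);`. The passphrase handed to `setKey` is not type-checked on the JS side in either branch, and whether the native side rejects a non-string is not visible from this hunk. The enclosing `createSecureContext` function starts and ends outside the hunk.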