tls: validate ticket keys buffer
Fixes: #38305
aduh95 committed Apr 20, 2021
1 parent d666964 commit 72d211b
Showing 3 changed files with 27 additions and 1 deletion.
3 changes: 2 additions & 1 deletion doc/api/tls.md
Expand Up @@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted.
added: v3.0.0
-->

* `keys` {Buffer} A 48-byte buffer containing the session ticket keys.
* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session
ticket keys.

Sets the session ticket keys.

3 changes: 3 additions & 0 deletions lib/_tls_wrap.js
Expand Up @@ -1394,6 +1394,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() {


Server.prototype.setTicketKeys = function setTicketKeys(keys) {
validateBuffer(keys);
assert(keys.byteLength === 48,
'Session ticket keys must be a 48-byte buffer');
this._sharedCreds.context.setTicketKeys(keys);
};
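Review bot: `validateBuffer(keys)` is called without a name, so the type error names a `"buffer"` argument that `setTicketKeys(keys)` does not have (the new test's regex confirms the wording); `validateBuffer(keys, 'keys');` would point callers at the right parameter. The length check uses `assert(...)`, which presents bad caller input as an assertion failure rather than a coded argument error. If that is changed later, the replacement should not echo the received value in its message, since these bytes are session ticket key material and error text tends to end up in logs.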

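--- /dev/null
+++ b/test/parallel/test-tls-ticket-invalid-arg.js
@@ -0,0 +1,22 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) {
+common.skip('missing crypto');
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, ''].forEach(
+(arg) =>
+assert.throws(() => {
+new tls.Server().setTicketKeys(arg);
+}, /"buffer" argument must be an instance of Buffer, TypedArray, or DataView/)
+);
+
+[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
+(arg) =>
+assert.throws(() => {
+new tls.Server().setTicketKeys(arg);
+}, /Session ticket keys must be a 48-byte buffer/)
+);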
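Review bot: Only rejection paths are exercised here; nothing asserts that a 48-byte `Buffer`, `Uint8Array` or `DataView` is accepted, although the documentation change in this commit now advertises all three types. A positive case such as `new tls.Server().setTicketKeys(new Uint8Array(48));` would cover that, and adding `Buffer.alloc(47)` and `Buffer.alloc(49)` to the second array would pin both sides of the length check. Whether the native binding accepts a `DataView` cannot be seen from this page, so that case is worth confirming with a test rather than assuming.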
