-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto: check SecureContext existence #16964
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
By the way, we usually prefer explicit nullptr checks, i.e. CHECK_NE(sc, nullptr);
Hah, can you tell we're in the same timezone still, Anna? :-) |
Fix: *** CID 179169: Null pointer dereferences (NULL_RETURNS) /src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfo<v8::Value> &)() 1347 1348 // SSL_CTX_set_client_cert_engine does not itself support multiple 1349 // calls by cleaning up before overwriting the client_cert_engine 1350 // internal context variable. 1351 // Instead of trying to fix up this problem we in turn also do not 1352 // support multiple calls to SetClientCertEngine. >>> CID 179169: Null pointer dereferences (NULL_RETURNS) >>> Dereferencing a null pointer "sc". 1353 if (sc->client_cert_engine_provided_) { 1354 return env->ThrowError( 1355 "Multiple calls to SetClientCertEngine are not allowed"); 1356 } 1357 1358 const node::Utf8Value engine_id(env->isolate(), args[0]);
b56cb16
to
8fbbb34
Compare
Rewrote as |
@sam-github have a safe trip home! |
Oh, hah... #16965. Guess I should have checked my github notifications first.
|
No problem, thanks Ben. |
SecureContext should always be present,
CHECK()
it, on theory an explicit crash is better than one due to null pointer deref (if that is even reachable).@cjihrig @bnoordhuis ?
Fix:
*** CID 179169: Null pointer dereferences (NULL_RETURNS)
/src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfov8::Value &)()
1347
1348 // SSL_CTX_set_client_cert_engine does not itself support multiple
1349 // calls by cleaning up before overwriting the client_cert_engine
1350 // internal context variable.
1351 // Instead of trying to fix up this problem we in turn also do not
1352 // support multiple calls to SetClientCertEngine.
1353 if (sc->client_cert_engine_provided_) {
1354 return env->ThrowError(
1355 "Multiple calls to SetClientCertEngine are not allowed");
1356 }
1357
1358 const node::Utf8Value engine_id(env->isolate(), args[0]);
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)