Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: check SecureContext existence #16964

Closed

Conversation

sam-github
Copy link
Contributor

SecureContext should always be present, CHECK() it, on theory an explicit crash is better than one due to null pointer deref (if that is even reachable).

@cjihrig @bnoordhuis ?

Fix:

*** CID 179169: Null pointer dereferences (NULL_RETURNS)
/src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfov8::Value &)()
1347
1348 // SSL_CTX_set_client_cert_engine does not itself support multiple
1349 // calls by cleaning up before overwriting the client_cert_engine
1350 // internal context variable.
1351 // Instead of trying to fix up this problem we in turn also do not
1352 // support multiple calls to SetClientCertEngine.

CID 179169:  Null pointer dereferences  (NULL_RETURNS)
Dereferencing a null pointer "sc".

1353 if (sc->client_cert_engine_provided_) {
1354 return env->ThrowError(
1355 "Multiple calls to SetClientCertEngine are not allowed");
1356 }
1357
1358 const node::Utf8Value engine_id(env->isolate(), args[0]);

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Nov 12, 2017
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, we usually prefer explicit nullptr checks, i.e. CHECK_NE(sc, nullptr);

@sam-github
Copy link
Contributor Author

Hah, can you tell we're in the same timezone still, Anna? :-)

Fix:

	*** CID 179169:  Null pointer dereferences  (NULL_RETURNS)
	/src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfo<v8::Value> &)()
	1347
	1348       // SSL_CTX_set_client_cert_engine does not itself support multiple
	1349       // calls by cleaning up before overwriting the client_cert_engine
	1350       // internal context variable.
	1351       // Instead of trying to fix up this problem we in turn also do not
	1352       // support multiple calls to SetClientCertEngine.
	>>>     CID 179169:  Null pointer dereferences  (NULL_RETURNS)
	>>>     Dereferencing a null pointer "sc".
	1353       if (sc->client_cert_engine_provided_) {
	1354         return env->ThrowError(
	1355             "Multiple calls to SetClientCertEngine are not allowed");
	1356       }
	1357
	1358       const node::Utf8Value engine_id(env->isolate(), args[0]);
@sam-github sam-github force-pushed the check-crypto-ctx-pointer branch from b56cb16 to 8fbbb34 Compare November 12, 2017 13:45
@sam-github
Copy link
Contributor Author

Rewrote as CHECK_NE(), will redo PR test later, I'm about to fly home.

@addaleax
Copy link
Member

@sam-github have a safe trip home!

@bnoordhuis
Copy link
Member

Oh, hah... #16965. Guess I should have checked my github notifications first.

ASSIGN_OR_RETURN_UNWRAP() is the right thing to use here.

@bnoordhuis
Copy link
Member

I went ahead and landed #16965 (commit 6c76140.) Thanks anyway, Sam.

@bnoordhuis bnoordhuis closed this Nov 15, 2017
@sam-github sam-github deleted the check-crypto-ctx-pointer branch November 15, 2017 13:56
@sam-github
Copy link
Contributor Author

No problem, thanks Ben.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants