From a673c9ae2d9ede5ddf6d401f68744c5657900fdc Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Wed, 2 Mar 2016 14:04:42 +0100 Subject: [PATCH] tls: fix assert in context._external accessor * Restrict the receiver to instances of the FunctionTemplate. * Use `args.This()` instead of `args.Holder()`. Fixes: https://github.com/nodejs/node/issues/3682 PR-URL: https://github.com/nodejs/node/pull/5521 Reviewed-By: Fedor Indutny --- src/node_crypto.cc | 45 +++++++++++---------- test/parallel/test-tls-external-accessor.js | 24 +++++++++++ 2 files changed, 48 insertions(+), 21 deletions(-) create mode 100644 test/parallel/test-tls-external-accessor.js diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 21186bde6c7979..382a42f22727f8 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -63,6 +63,7 @@ static const int X509_NAME_FLAGS = ASN1_STRFLGS_ESC_CTRL namespace node { namespace crypto { +using v8::AccessorSignature; using v8::Array; using v8::Boolean; using v8::Context; @@ -315,7 +316,8 @@ void SecureContext::Initialize(Environment* env, Local target) { nullptr, env->as_external(), DEFAULT, - static_cast(ReadOnly | DontDelete)); + static_cast(ReadOnly | DontDelete), + AccessorSignature::New(env->isolate(), t)); target->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "SecureContext"), t->GetFunction()); @@ -1146,9 +1148,7 @@ int SecureContext::TicketKeyCallback(SSL* ssl, void SecureContext::CtxGetter(Local property, const PropertyCallbackInfo& info) { - HandleScope scope(info.GetIsolate()); - - SSL_CTX* ctx = Unwrap(info.Holder())->ctx_; + SSL_CTX* ctx = Unwrap(info.This())->ctx_; Local ext = External::New(info.GetIsolate(), ctx); info.GetReturnValue().Set(ext); } @@ -1216,7 +1216,8 @@ void SSLWrap::AddMethods(Environment* env, Local t) { nullptr, env->as_external(), DEFAULT, - static_cast(ReadOnly | DontDelete)); + static_cast(ReadOnly | DontDelete), + AccessorSignature::New(env->isolate(), t)); } @@ -2203,10 +2204,8 @@ void SSLWrap::CertCbDone(const FunctionCallbackInfo& args) { template void SSLWrap::SSLGetter(Local property, - const PropertyCallbackInfo& info) { - HandleScope scope(info.GetIsolate()); - - SSL* ssl = Unwrap(info.Holder())->ssl_; + const PropertyCallbackInfo& info) { + SSL* ssl = Unwrap(info.This())->ssl_; Local ext = External::New(info.GetIsolate(), ssl); info.GetReturnValue().Set(ext); } @@ -4144,12 +4143,14 @@ void DiffieHellman::Initialize(Environment* env, Local target) { env->SetProtoMethod(t, "setPublicKey", SetPublicKey); env->SetProtoMethod(t, "setPrivateKey", SetPrivateKey); - t->InstanceTemplate()->SetAccessor(env->verify_error_string(), - DiffieHellman::VerifyErrorGetter, - nullptr, - env->as_external(), - DEFAULT, - attributes); + t->InstanceTemplate()->SetAccessor( + env->verify_error_string(), + DiffieHellman::VerifyErrorGetter, + nullptr, + env->as_external(), + DEFAULT, + attributes, + AccessorSignature::New(env->isolate(), t)); target->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "DiffieHellman"), t->GetFunction()); @@ -4164,12 +4165,14 @@ void DiffieHellman::Initialize(Environment* env, Local target) { env->SetProtoMethod(t2, "getPublicKey", GetPublicKey); env->SetProtoMethod(t2, "getPrivateKey", GetPrivateKey); - t2->InstanceTemplate()->SetAccessor(env->verify_error_string(), - DiffieHellman::VerifyErrorGetter, - nullptr, - env->as_external(), - DEFAULT, - attributes); + t2->InstanceTemplate()->SetAccessor( + env->verify_error_string(), + DiffieHellman::VerifyErrorGetter, + nullptr, + env->as_external(), + DEFAULT, + attributes, + AccessorSignature::New(env->isolate(), t2)); target->Set(FIXED_ONE_BYTE_STRING(env->isolate(), "DiffieHellmanGroup"), t2->GetFunction()); diff --git a/test/parallel/test-tls-external-accessor.js b/test/parallel/test-tls-external-accessor.js new file mode 100644 index 00000000000000..919af0e8f33e4f --- /dev/null +++ b/test/parallel/test-tls-external-accessor.js @@ -0,0 +1,24 @@ +'use strict'; + +const common = require('../common'); +const assert = require('assert'); + +if (!common.hasCrypto) { + console.log('1..0 # Skipped: missing crypto'); + return; +} + +// Ensure accessing ._external doesn't hit an assert in the accessor method. +const tls = require('tls'); +{ + const pctx = tls.createSecureContext().context; + const cctx = Object.create(pctx); + assert.throws(() => cctx._external, /incompatible receiver/); + pctx._external; +} +{ + const pctx = tls.createSecurePair().credentials.context; + const cctx = Object.create(pctx); + assert.throws(() => cctx._external, /incompatible receiver/); + pctx._external; +}