
Commit d6c4973

committedOct 21, 2020
Ported from OpenSUSE:nodejs8-8.17.0-lp152.147.1:CVE-2019-15604.patch Original commit message: commit f940bee Author: Fedor Indutny <[email protected]> Date: Tue Nov 26 12:47:00 2019 -0800 crypto: fix assertion caused by unsupported ext `X509V3_EXT_print` can return value different from `1` if the X509 extension does not support printing to a buffer. Instead of failing with an unrecoverable assertion - replace the relevant value in the hashmap with a JS null value. Fixes: https://hackerone.com/reports/746733 Backport-PR-URL: https://github.com/nodejs-private/node-private/pull/193 PR-URL: https://github.com/nodejs-private/node-private/pull/175 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Beth Griggs <[email protected]> Signed-off-by: Su Baocheng <[email protected]>
1 parent bdb063b commit d6c4973


2 files changed

+84
-3
lines changed

 

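--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -1743,9 +1743,11 @@ static Local<Object> X509ToObject(Environment* env, X509* cert) {
 ext = X509_get_ext(cert, index);
 CHECK_NE(ext, nullptr);
 
-if (!SafeX509ExtPrint(bio, ext)) {
-rv = X509V3_EXT_print(bio, ext, 0, 0);
-CHECK_EQ(rv, 1);
+if (!SafeX509ExtPrint(bio, ext) &&
+X509V3_EXT_print(bio, ext, 0, 0) != 1) {
+info->Set(context, keys[i], Null(env->isolate())).FromJust();
+(void) BIO_reset(bio);
+continue;
 }
 
 BIO_get_mem_ptr(bio, &mem);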
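Review bot: The new failure branch stores `Null(env->isolate())` under `keys[i]`, which makes an extension that is present but unprintable look, to JavaScript callers, much like one that is absent. Any consumer that branches on the truthiness of the subjectAltName value (hostname checks in particular, presumably outside this file) would then take its no-SAN path for such a certificate, so that behaviour should be confirmed and documented. I would add a comment above the branch, `// Extension is present but cannot be printed: report null rather than abort; callers must not treat null as "no extension".` Separately, `.FromJust()` on the `Set` result still aborts the process if the set fails, which may be accepted practice in this file but deserves a second look in a patch whose purpose is to remove an abort. X509ToObject starts and ends outside the hunk, so `keys`, `i` and the loop that `continue` targets are not visible here.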
@@ -0,0 +1,79 @@
1+
'use strict';
2+
const common = require('../common');
3+
if (!common.hasCrypto)
4+
common.skip('missing crypto');
5+
6+
// NOTE: This certificate is hand-generated, hence it is not located in
7+
// `test/fixtures/keys` to avoid confusion.
8+
//
9+
// The key property of this cert is that subjectAltName contains a string with
10+
// a type `23` which cannot be encoded into string by `X509V3_EXT_print`.
11+
const pem = `
12+
-----BEGIN RSA PRIVATE KEY-----
13+
MIIEowIBAAKCAQEAzrmfPz5M3wTq2/CwMeSQr/N+R1FCJ+O5n+SMleKvBqaK63eJ
14+
kL4BnySMc+ZLKCt4UQSsPFIBK63QFq8n6/vjuTDMJiBTsvzytw8zJt1Zr2HA71N3
15+
VIPt6NdJ/w5lgddTYxR7XudJZJ5lk3PkG8ZgrhuenPYP80UJYVzAC2YZ9KYe3r2B
16+
rVbut1j+8h0TwVcx2Zg5PorsC/EVxHwo4dCmIHceodikr3UVqHneRcrDBytdG6Mo
17+
IqHhZJwBeii/EES9tpWwWbzYYh+38aGGLIF2h5UlVpr0bdBVVUg+uVX3y/Qmu2Qv
18+
4CrAO2IPV6JER9Niwl3ktzNjOMAUQG6BCRSqRQIDAQABAoIBAAmB0+cOsG5ZRYvT
19+
5+aDgnv1EMuq2wYGnRTTZ/vErxP5OM5XcwYrFtwAzEzQPIieZywisOEdTFx74+QH
20+
LijWLsTnj5v5RKAorejpVArnhyZfsoXPKt/CKYDZ1ddbDCQKiRU3be0RafisqDM9
21+
0zHLz8pyDrtdPaKMfD/0Cgj8KxlrLTmfD4otPXds8fZpQe1hR1y12XKVp47l1siW
22+
qFGTaUPDJpQ67xybR08x5DOqmyo4cNMOuReRWrc/qRbWint9U1882eOH09gVfpJZ
23+
Gp6FZVPSgz10MZdLSPLhXqZkY4IxIvNltjBDqkmivd12CD+GVr0qUmTJHzTpk+kG
24+
/CWuRQkCgYEA4EFf8SJHEl0fLDJnOQFyUPY3MalMuopUkQ5CBUe3QXjQhHXsRDfj
25+
Ci/lyzShJkHPbMDHb/rx3lYZB0xNhwnMWKS1gCFVgOCOTZLfD0K1Anxc1hOSgVxI
26+
y5FdO9VW7oQNlsMH/WuDHps0HhJW/00lcrmdyoUM1+fE/3yPQndhUmMCgYEA6/z6
27+
8Gq4PHHNql+gwunAH2cZKNdmcP4Co8MvXCZwIJsLenUuLIZQ/YBKZoM/y5X/cFAG
28+
WFJJuUe6KFetPaDm6NgZgpOmawyUwd5czDjJ6wWgsRywiTISInfJlgWLBVMOuba7
29+
iBL9Xuy0hmcbj0ByoRW9l3gCiBX3yJw3I6wqXTcCgYBnjei22eRF15iIeTHvQfq+
30+
5iNwnEQhM7V/Uj0sYQR/iEGJmUaj7ca6somDf2cW2nblOlQeIpxD1jAyjYqTW/Pv
31+
zwc9BqeMHqW3rqWwT1Z0smbQODOD5tB6qEKMWaSN+Y6o2qC65kWjAXpclI110PME
32+
+i+iEDRxEsaGT8d7otLfDwKBgQCs+xBaQG/x5p2SAGzP0xYALstzc4jk1FzM+5rw
33+
mkBgtiXQyqpg+sfNOkfPIvAVZEsMYax0+0SNKrWbMsGLRjFchmMUovQ+zccQ4NT2
34+
4b2op8Rlbxk8R9ahK1s5u7Bu47YMjZSjJwBQn4OobVX3SI994njJ2a9JX4j0pQWK
35+
AX5AOwKBgAfOsr8HSHTcxSW4F9gegj+hXsRYbdA+eUkFhEGrYyRJgIlQrk/HbuZC
36+
mKd/bQ5R/vwd1cxgV6A0APzpZtbwdhvP0RWji+WnPPovgGcfK0AHFstHnga67/uu
37+
h2LHnKQZ1qWHn+BXWo5d7hBRwWVaK66g3GDN0blZpSz1kKcpy1Pl
38+
-----END RSA PRIVATE KEY-----
39+
-----BEGIN CERTIFICATE-----
40+
MIICwjCCAaqgAwIBAgIDAQABMA0GCSqGSIb3DQEBDQUAMBUxEzARBgNVBAMWCmxv
41+
Y2FsLmhvc3QwHhcNMTkxMjA1MDQyODMzWhcNNDQxMTI5MDQyODMzWjAVMRMwEQYD
42+
VQQDFgpsb2NhbC5ob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
43+
zrmfPz5M3wTq2/CwMeSQr/N+R1FCJ+O5n+SMleKvBqaK63eJkL4BnySMc+ZLKCt4
44+
UQSsPFIBK63QFq8n6/vjuTDMJiBTsvzytw8zJt1Zr2HA71N3VIPt6NdJ/w5lgddT
45+
YxR7XudJZJ5lk3PkG8ZgrhuenPYP80UJYVzAC2YZ9KYe3r2BrVbut1j+8h0TwVcx
46+
2Zg5PorsC/EVxHwo4dCmIHceodikr3UVqHneRcrDBytdG6MoIqHhZJwBeii/EES9
47+
tpWwWbzYYh+38aGGLIF2h5UlVpr0bdBVVUg+uVX3y/Qmu2Qv4CrAO2IPV6JER9Ni
48+
wl3ktzNjOMAUQG6BCRSqRQIDAQABoxswGTAXBgNVHREEEDAOlwwqLmxvY2FsLmhv
49+
c3QwDQYJKoZIhvcNAQENBQADggEBAH5ThRLDLwOGuhKsifyiq7k8gbx1FqRegO7H
50+
SIiIYYB35v5Pk0ZPN8QBJwNQzJEjUMjCpHXNdBxknBXRaA8vkbnryMfJm37gPTwA
51+
m6r0uEG78WgcEAe8bgf9iKtQGP/iydKXpSSpDgKoHbswIxD5qtzT+o6VNnkRTSfK
52+
/OGwakluFSoJ/Q9rLpR8lKjA01BhetXMmHbETiY8LSkxOymMldXSzUTD1WdrVn8U
53+
L3dobxT//R/0GraKXG02mf3gZNlb0MMTvW0pVwVy39YmcPEGh8L0hWh1rpAA/VXC
54+
f79uOowv3lLTzQ9na5EThA0tp8d837hdYrrIHh5cfTqBDxG0Tu8=
55+
-----END CERTIFICATE-----
56+
`;
57+
58+
const tls = require('tls');
59+
60+
const options = {
61+
key: pem,
62+
cert: pem,
63+
};
64+
65+
const server = tls.createServer(options, (socket) => {
66+
socket.end();
67+
});
68+
server.listen(0, common.mustCall(function() {
69+
const client = tls.connect({
70+
port: this.address().port,
71+
rejectUnauthorized: false
72+
}, common.mustCall(() => {
73+
// This should not crash process:
74+
client.getPeerCertificate();
75+
76+
server.close();
77+
client.end();
78+
}));
79+
}));
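Review bot: The connect callback only calls `client.getPeerCertificate()` and discards the result, so the test pins "no abort" but not the value the C++ change now reports for the unprintable extension. I would assert it, e.g. `const cert = client.getPeerCertificate();` followed by `assert.strictEqual(cert.subjectaltname, null);`, with `const assert = require('assert');` at the top; the expected `null` is inferred from the node_crypto.cc hunk and should be confirmed on a build. The embedded RSA key is a hand-generated fixture per the file's own comment, and a short note that it is test-only and must never be reused would keep readers and secret scanners from treating it as a leaked credential.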
