github.com/nodejs/node.git
author Tobias Nießen <tniessen@tnie.de> 2022-09-15 20:27:04 +0300
committer RafaelGSS <rafael.nunu@hotmail.com> 2022-09-27 01:07:44 +0300
commit 752e1472e1913a1f375422228ca9dd703d675e7f
tree 29e07f87b76c632e66f3002d6ec6e069736d6bea /node.gyp
parent eb3635184bd0a6dcbde03aa27fe5f3cf9eb5e0bf
tls: fix out-of-bounds read in ClientHelloParser

ClientHelloParser::ParseHeader(data, avail) potentially accesses data beyond avail bytes because it trusts the client to transmit a valid frame length. Sending an impossibly small frame length causes the TLS server to read beyond the buffer provided by the caller.

Guard against this by calling End() on the ClientHelloParser when the client transmits an impossibly small frame length.

The test is designed to reliably cause a segmentation fault on Linux and Windows when the buffer overrun occurs, and to trigger a spatial safety violation when compiled with an address sanitizer enabled or when running under valgrind.

PR-URL: https://github.com/nodejs/node/pull/44580
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Minwoo Jung <nodecorelab@gmail.com>

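The class of check the commit message describes, as an added example that is not code from this commit or from Node.js: a record parser that rejects a client-declared body length too small to hold the fields it reads next. All names (`ParseRecordStart`, `ParseResult`, the constants) and the six-byte minimum are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Hypothetical names throughout; this is not Node's ClientHelloParser.
enum class ParseResult { kNeedMoreData, kRejected, kClientHello };

constexpr size_t kRecordHeaderLen = 5;     // type(1) + version(2) + length(2)
constexpr size_t kHandshakeHeaderLen = 4;  // msg_type(1) + length(3)
constexpr size_t kHelloVersionLen = 2;     // client_version(2)
constexpr uint8_t kHandshakeRecord = 22;
constexpr uint8_t kClientHelloMsg = 1;

// Inspects the start of a TLS record held in data[0..avail).
ParseResult ParseRecordStart(const uint8_t* data, size_t avail) {
  if (avail < kRecordHeaderLen) return ParseResult::kNeedMoreData;
  if (data[0] != kHandshakeRecord) return ParseResult::kRejected;

  // Client-controlled length of the record body.
  const size_t frame_len = (static_cast<size_t>(data[3]) << 8) | data[4];

  // The guard: the declared body must cover every field read below.
  // Without it, a tiny frame_len satisfies the "whole body buffered"
  // test with only the 5 header bytes present, and the reads of
  // body[0] and body[4] land past the end of the caller's buffer.
  constexpr size_t kMinBody = kHandshakeHeaderLen + kHelloVersionLen;
  if (frame_len < kMinBody) return ParseResult::kRejected;

  // Wait until the whole declared body has arrived.
  if (avail - kRecordHeaderLen < frame_len) return ParseResult::kNeedMoreData;

  const uint8_t* body = data + kRecordHeaderLen;
  if (body[0] != kClientHelloMsg) return ParseResult::kRejected;
  if (body[4] != 0x03) return ParseResult::kRejected;  // major version byte
  return ParseResult::kClientHello;
}

int main() {
  // Constructed input: a handshake record declaring a zero-length body.
  const uint8_t tiny[] = {22, 0x03, 0x01, 0x00, 0x00};
  return ParseRecordStart(tiny, sizeof(tiny)) == ParseResult::kRejected ? 0 : 1;
}
```
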
Diffstat (limited to 'node.gyp')
-rw-r--r-- node.gyp 1
1 files changed, 1 insertions, 0 deletions
diff --git a/node.gyp b/node.gyp
index 2dfa91fea66..b94a2b1d986 100644
--- a/node.gyp
+++ b/node.gyp
@@ -1250,6 +1250,7 @@
'HAVE_OPENSSL=1',
],
'sources': [
+ 'test/cctest/test_crypto_clienthello.cc',
'test/cctest/test_node_crypto.cc',
]
}],
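Review bot: The added 'test/cctest/test_crypto_clienthello.cc' entry in the 'sources' list is the only change visible in this view (the diffstat is limited to node.gyp), so confirm that the same commit adds that file and the ClientHelloParser guard itself; a sources entry that points at a missing file would break the cctest build. The placement looks right: the entry sits alongside test_node_crypto.cc in the list that follows the 'HAVE_OPENSSL=1' define, and it keeps the list in alphabetical order. Since the commit message claims a reliable segmentation fault only on Linux and Windows and otherwise relies on an address sanitizer or valgrind to flag the overrun, it is worth checking that a sanitizer job actually builds and runs cctest so a regression is caught on other platforms too.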