crypto: handle i2d_SSL_SESSION() error return

i2d_SSL_SESSION() can return a value <= 0 when the session is malformed or otherwise invalid. Handle that case. This change comes without a regression test because I couldn't figure out a good way to generate an existing but invalid session in a timely fashion. Fixes: https://github.com/nodejs/node/issues/29202 PR-URL: https://github.com/nodejs/node/pull/29225 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
author: Ben Noordhuis <info@bnoordhuis.nl> 2019-08-20 15:10:42 +0300
committer: Rich Trott <rtrott@gmail.com> 2019-08-23 07:35:09 +0300
commit: ceace1f96eb0862a2944bc38c2e897974169f622 (patch)
tree: 2bf94f1c096c58eda11e6b7259565b097a0c295f /src/node_crypto.cc
parent: 6726f567d7110c0e3f402babb6e0bbdfd2a97156 (diff)
1 files changed, 3 insertions, 2 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index de301d77c22..5634d8b1dc5 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -2317,11 +2317,12 @@ void SSLWrap<Base>::GetSession(const FunctionCallbackInfo<Value>& args) {
     return;
 
   int slen = i2d_SSL_SESSION(sess, nullptr);
-  CHECK_GT(slen, 0);
+  if (slen <= 0)
+    return;  // Invalid or malformed session.
 
   AllocatedBuffer sbuf = env->AllocateManaged(slen);
   unsigned char* p = reinterpret_cast<unsigned char*>(sbuf.data());
-  i2d_SSL_SESSION(sess, &p);
+  CHECK_LT(0, i2d_SSL_SESSION(sess, &p));
   args.GetReturnValue().Set(sbuf.ToBuffer().ToLocalChecked());
 }
author	Ben Noordhuis <info@bnoordhuis.nl>	2019-08-20 15:10:42 +0300
committer	Rich Trott <rtrott@gmail.com>	2019-08-23 07:35:09 +0300
commit	ceace1f96eb0862a2944bc38c2e897974169f622 (patch)
tree	2bf94f1c096c58eda11e6b7259565b097a0c295f /src/node_crypto.cc
parent	6726f567d7110c0e3f402babb6e0bbdfd2a97156 (diff)