Skip to content

crypto: check SecureContext existence #16964

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sam-github wants to merge 1 commit into from
Closed

crypto: check SecureContext existence #16964

sam-github wants to merge 1 commit into from

Conversation

@sam-github
Copy link
Contributor

@sam-github sam-github commented Nov 12, 2017

SecureContext should always be present, CHECK() it, on theory an explicit crash is better than one due to null pointer deref (if that is even reachable).

@cjihrig @bnoordhuis ?

Fix:

*** CID 179169: Null pointer dereferences (NULL_RETURNS)
/src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfov8::Value &)()
1347
1348 // SSL_CTX_set_client_cert_engine does not itself support multiple
1349 // calls by cleaning up before overwriting the client_cert_engine
1350 // internal context variable.
1351 // Instead of trying to fix up this problem we in turn also do not
1352 // support multiple calls to SetClientCertEngine.

CID 179169:  Null pointer dereferences  (NULL_RETURNS)
Dereferencing a null pointer "sc".

1353 if (sc->client_cert_engine_provided_) {
1354 return env->ThrowError(
1355 "Multiple calls to SetClientCertEngine are not allowed");
1356 }
1357
1358 const node::Utf8Value engine_id(env->isolate(), args[0]);

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Nov 12, 2017
addaleax
addaleax approved these changes Nov 12, 2017
View reviewed changes
Copy link
Member

@addaleax addaleax left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, we usually prefer explicit nullptr checks, i.e. CHECK_NE(sc, nullptr);

@sam-github
Copy link
Contributor Author

sam-github commented Nov 12, 2017

Hah, can you tell we're in the same timezone still, Anna? :-)

@sam-github
crypto: check SecureContext existence
8fbbb34 
Fix:

	*** CID 179169:  Null pointer dereferences  (NULL_RETURNS)
	/src/node_crypto.cc: 1353 in node::crypto::SecureContext::SetClientCertEngine(const v8::FunctionCallbackInfo<v8::Value> &)()
	1347
	1348       // SSL_CTX_set_client_cert_engine does not itself support multiple
	1349       // calls by cleaning up before overwriting the client_cert_engine
	1350       // internal context variable.
	1351       // Instead of trying to fix up this problem we in turn also do not
	1352       // support multiple calls to SetClientCertEngine.
	>>>     CID 179169:  Null pointer dereferences  (NULL_RETURNS)
	>>>     Dereferencing a null pointer "sc".
	1353       if (sc->client_cert_engine_provided_) {
	1354         return env->ThrowError(
	1355             "Multiple calls to SetClientCertEngine are not allowed");
	1356       }
	1357
	1358       const node::Utf8Value engine_id(env->isolate(), args[0]);
@sam-github sam-github force-pushed the check-crypto-ctx-pointer branch from b56cb16 to 8fbbb34 Compare November 12, 2017 13:45
@sam-github
Copy link
Contributor Author

sam-github commented Nov 12, 2017

Rewrote as CHECK_NE(), will redo PR test later, I'm about to fly home.

@addaleax
Copy link
Member

addaleax commented Nov 12, 2017

@sam-github have a safe trip home!

@bnoordhuis
Copy link
Member

bnoordhuis commented Nov 12, 2017

Oh, hah... #16965. Guess I should have checked my github notifications first.

ASSIGN_OR_RETURN_UNWRAP() is the right thing to use here.

@bnoordhuis bnoordhuis mentioned this pull request Nov 12, 2017
Closed
4 tasks
@bnoordhuis
Copy link
Member

bnoordhuis commented Nov 15, 2017

I went ahead and landed #16965 (commit 6c76140.) Thanks anyway, Sam.

@bnoordhuis bnoordhuis closed this Nov 15, 2017
@sam-github sam-github deleted the check-crypto-ctx-pointer branch November 15, 2017 13:56
@sam-github
Copy link
Contributor Author

sam-github commented Nov 15, 2017

No problem, thanks Ben.

@snyk-bot snyk-bot mentioned this pull request Mar 18, 2020
Open
@snyk-bot snyk-bot mentioned this pull request Apr 1, 2020
Open
@kissofire kissofire mentioned this pull request Mar 7, 2021
Open
@meghasfdc meghasfdc mentioned this pull request Mar 8, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell jasnell approved these changes

@addaleax addaleax addaleax approved these changes

@cjihrig cjihrig cjihrig approved these changes

Assignees

No one assigned

Labels

c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@sam-github @addaleax @bnoordhuis @jasnell @cjihrig @nodejs-github-bot