From 2f7911727d66cf0e2b4b91a05276d554fdfc31ae Mon Sep 17 00:00:00 2001
From: Rich Trott <rtrott@gmail.com>
Date: Fri, 25 May 2018 13:21:43 -0700
Subject: [PATCH] tls: throw if SNICallback is not a function

If a value is passed for SNICallback and it is not a function,
createServer() will now throw.
---
 lib/_tls_wrap.js                            |  5 +++++
 test/parallel/test-tls-snicallback-error.js | 17 +++++++++++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 test/parallel/test-tls-snicallback-error.js

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
index d85d85752b631b..77b37c54f0aee0 100644
--- a/lib/_tls_wrap.js
+++ b/lib/_tls_wrap.js
@@ -896,6 +896,11 @@ function Server(options, listener) {
       'options.handshakeTimeout', 'number', options.handshakeTimeout);
   }
 
+  if (this[kSNICallback] && typeof this[kSNICallback] !== 'function') {
+    throw new ERR_INVALID_ARG_TYPE(
+      'options.SNICallback', 'function', options.SNICallback);
+  }
+
   if (this.sessionTimeout) {
     this._sharedCreds.context.setSessionTimeout(this.sessionTimeout);
   }
diff --git a/test/parallel/test-tls-snicallback-error.js b/test/parallel/test-tls-snicallback-error.js
new file mode 100644
index 00000000000000..307a359ebb2ab1
--- /dev/null
+++ b/test/parallel/test-tls-snicallback-error.js
@@ -0,0 +1,17 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+if (!process.features.tls_sni)
+  common.skip('compiled without OpenSSL or with old OpenSSL version');
+
+const assert = require('assert');
+const tls = require('tls');
+
+['fhqwhgads', 42, {}, []].forEach((testValue) => {
+  assert.throws(
+    () => { tls.createServer({ SNICallback: testValue }); },
+    { code: 'ERR_INVALID_ARG_TYPE', message: /\boptions\.SNICallback\b/ }
+  );
+});