tls: validate ticket keys buffer

Fixes: #38305 PR-URL: #38308 Reviewed-By: Darshan Sen <raisinten@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
nodejs · Apr 23, 2021 · e151e90 · e151e90
1 parent 37b811a
commit e151e90
Show file tree

Hide file tree

Showing 3 changed files with 29 additions and 1 deletion.
diff --git a/doc/api/tls.md b/doc/api/tls.md
@@ -730,7 +730,8 @@ existing server. Existing connections to the server are not interrupted.
 added: v3.0.0
 -->
 
-* `keys` {Buffer} A 48-byte buffer containing the session ticket keys.
+* `keys` {Buffer|TypedArray|DataView} A 48-byte buffer containing the session
+  ticket keys.
 
 Sets the session ticket keys.
 

diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js
@@ -1396,6 +1396,9 @@ Server.prototype.getTicketKeys = function getTicketKeys() {
 
 
 Server.prototype.setTicketKeys = function setTicketKeys(keys) {
+  validateBuffer(keys);
+  assert(keys.byteLength === 48,
+         'Session ticket keys must be a 48-byte buffer');
   this._sharedCreds.context.setTicketKeys(keys);
 };
 

diff --git a/test/parallel/test-tls-ticket-invalid-arg.js b/test/parallel/test-tls-ticket-invalid-arg.js
@@ -0,0 +1,24 @@
+'use strict';
+const common = require('../common');
+if (!common.hasCrypto) {
+  common.skip('missing crypto');
+}
+
+const assert = require('assert');
+const tls = require('tls');
+
+const server = new tls.Server();
+
+[null, undefined, 0, 1, 1n, Symbol(), {}, [], true, false, '', () => {}]
+  .forEach((arg) =>
+    assert.throws(
+      () => server.setTicketKeys(arg),
+      { code: 'ERR_INVALID_ARG_TYPE' }
+    ));
+
+[new Uint8Array(1), Buffer.from([1]), new DataView(new ArrayBuffer(2))].forEach(
+  (arg) =>
+    assert.throws(() => {
+      server.setTicketKeys(arg);
+    }, /Session ticket keys must be a 48-byte buffer/)
+);