From 092fb9f541ce8cc07289b5a69eb93892445739f5 Mon Sep 17 00:00:00 2001 From: Deokjin Kim Date: Sun, 1 Oct 2023 07:38:10 +0900 Subject: [PATCH] tls: use validateFunction for `options.checkServerIdentity` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit If user uses invalid type for `options.checkServerIdentity` in tls.connect(), it's not internal issue of Node.js. So validateFunction() is more proper than assert(). Fixes: https://github.com/nodejs/node/issues/49839 PR-URL: https://github.com/nodejs/node/pull/49896 Reviewed-By: Antoine du Hamel Reviewed-By: Tobias Nießen --- lib/_tls_wrap.js | 2 +- test/parallel/test-tls-basic-validations.js | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/lib/_tls_wrap.js b/lib/_tls_wrap.js index c2dd958f95106e..a5be90a4a1583f 100644 --- a/lib/_tls_wrap.js +++ b/lib/_tls_wrap.js @@ -1738,7 +1738,7 @@ exports.connect = function connect(...args) { if (!options.keepAlive) options.singleUse = true; - assert(typeof options.checkServerIdentity === 'function'); + validateFunction(options.checkServerIdentity, 'options.checkServerIdentity'); assert(typeof options.minDHSize === 'number', 'options.minDHSize is not a number: ' + options.minDHSize); assert(options.minDHSize > 0, diff --git a/test/parallel/test-tls-basic-validations.js b/test/parallel/test-tls-basic-validations.js index 4a3aab314680ac..64ae23758f2353 100644 --- a/test/parallel/test-tls-basic-validations.js +++ b/test/parallel/test-tls-basic-validations.js @@ -135,3 +135,12 @@ assert.throws(() => { tls.createSecureContext({ maxVersion: 'fhqwhgads' }); }, code: 'ERR_TLS_INVALID_PROTOCOL_VERSION', name: 'TypeError' }); + +for (const checkServerIdentity of [undefined, null, 1, true]) { + assert.throws(() => { + tls.connect({ checkServerIdentity }); + }, { + code: 'ERR_INVALID_ARG_TYPE', + name: 'TypeError', + }); +}