From c666e6794261eec33c6da2b8bfef93c333a6bf2a Mon Sep 17 00:00:00 2001 From: Joyee Cheung Date: Fri, 10 Jan 2025 19:31:05 +0100 Subject: [PATCH] tls: fix error stack conversion in cryptoErrorListToException() The ncrypto move introduced regressions in cryptoErrorListToException() by passing in the size of the vector unnecessarily into the vector constructor and then use push_back() (which would result in a crash on dereferencing empty handles during later iteration) and having incorrect logic for checking the presence of an exception. This patch fixes it. --- src/crypto/crypto_util.cc | 9 +++++---- test/parallel/test-tls-error-stack.js | 18 ++++++++++++++++++ 2 files changed, 23 insertions(+), 4 deletions(-) create mode 100644 test/parallel/test-tls-error-stack.js diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc index 9f5f8e6f03e4ab..49ef332dfac7e0 100644 --- a/src/crypto/crypto_util.cc +++ b/src/crypto/crypto_util.cc @@ -237,7 +237,8 @@ MaybeLocal cryptoErrorListToException( if (errors.size() > 1) { CHECK(exception->IsObject()); Local exception_obj = exception.As(); - LocalVector stack(env->isolate(), errors.size() - 1); + LocalVector stack(env->isolate()); + stack.reserve(errors.size() - 1); // Iterate over all but the last error in the list. auto current = errors.begin(); @@ -255,9 +256,9 @@ MaybeLocal cryptoErrorListToException( Local stackArray = v8::Array::New(env->isolate(), stack.data(), stack.size()); - if (!exception_obj - ->Set(env->context(), env->openssl_error_stack(), stackArray) - .IsNothing()) { + if (exception_obj + ->Set(env->context(), env->openssl_error_stack(), stackArray) + .IsNothing()) { return {}; } } diff --git a/test/parallel/test-tls-error-stack.js b/test/parallel/test-tls-error-stack.js new file mode 100644 index 00000000000000..36deb05b511234 --- /dev/null +++ b/test/parallel/test-tls-error-stack.js @@ -0,0 +1,18 @@ +'use strict'; + +// This tests that the crypto error stack can be correctly converted. +const common = require('../common'); +if (!common.hasCrypto) + common.skip('missing crypto'); + +const assert = require('assert'); +const tls = require('tls'); + +assert.throws(() => { + tls.createSecureContext({ clientCertEngine: 'x' }); +}, (err) => { + return err.name === 'Error' && + /could not load the shared library/.test(err.message) && + Array.isArray(err.opensslErrorStack) && + err.opensslErrorStack.length > 0; +});