From 6bccd628efaec2dd228f4193f962636c70fc8ef5 Mon Sep 17 00:00:00 2001 From: Anna Henningsen Date: Wed, 20 Apr 2022 13:39:47 +0200 Subject: [PATCH] src: turn SSL_CTX_new CHECK/segfault into JS exception These operations do not usually fail, but can do so when OpenSSL is not configured properly (I ran into this while dynamically linking against OpenSSL with FIPS). JS exceptions are way more useful than CHECK failures or plain segfaults. --- src/crypto/crypto_cipher.cc | 8 ++++++-- src/crypto/crypto_context.cc | 3 +++ 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/crypto/crypto_cipher.cc b/src/crypto/crypto_cipher.cc index f65b7c41bd996d..e58261b411d8fe 100644 --- a/src/crypto/crypto_cipher.cc +++ b/src/crypto/crypto_cipher.cc @@ -197,10 +197,14 @@ void CipherBase::GetSSLCiphers(const FunctionCallbackInfo& args) { Environment* env = Environment::GetCurrent(args); SSLCtxPointer ctx(SSL_CTX_new(TLS_method())); - CHECK(ctx); + if (!ctx) { + return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new"); + } SSLPointer ssl(SSL_new(ctx.get())); - CHECK(ssl); + if (!ssl) { + return ThrowCryptoError(env, ERR_get_error(), "SSL_new"); + } STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl.get()); diff --git a/src/crypto/crypto_context.cc b/src/crypto/crypto_context.cc index 739b559c3b7b22..f8125ab706b733 100644 --- a/src/crypto/crypto_context.cc +++ b/src/crypto/crypto_context.cc @@ -508,6 +508,9 @@ void SecureContext::Init(const FunctionCallbackInfo& args) { } sc->ctx_.reset(SSL_CTX_new(method)); + if (!sc->ctx_) { + return ThrowCryptoError(env, ERR_get_error(), "SSL_CTX_new"); + } SSL_CTX_set_app_data(sc->ctx_.get(), sc); // Disable SSLv2 in the case when method == TLS_method() and the