authorErik Price <github@erikprice.net>2021-02-11 03:45:10 -0800
committerGitHub <noreply@github.com>2021-02-11 12:45:10 +0100
commita097c4089b2a7f2db3c70e951d935e23b4f4293a (patch)
tree882ec94283b8c2a8276ef121d1db31a5dabdb242
parent61108935f16bd2aa60d51525e3578719425eef03 (diff)
fix(runtime/tls): handle invalid host for connectTls/startTls (#9453)
-rw-r--r--cli/tests/unit/tls_test.ts18
-rw-r--r--runtime/ops/tls.rs8
2 files changed, 22 insertions, 4 deletions
diff --git a/cli/tests/unit/tls_test.ts b/cli/tests/unit/tls_test.ts
index ba1f067de..fa869037e 100644
--- a/cli/tests/unit/tls_test.ts
+++ b/cli/tests/unit/tls_test.ts
@@ -20,6 +20,24 @@ unitTest(async function connectTLSNoPerm(): Promise<void> {
}, Deno.errors.PermissionDenied);
});
+unitTest(
+ { perms: { read: true, net: true } },
+ async function connectTLSInvalidHost(): Promise<void> {
+ const listener = await Deno.listenTls({
+ hostname: "localhost",
+ port: 3567,
+ certFile: "cli/tests/tls/localhost.crt",
+ keyFile: "cli/tests/tls/localhost.key",
+ });
+
+ await assertThrowsAsync(async () => {
+ await Deno.connectTls({ hostname: "127.0.0.1", port: 3567 });
+ }, Error);
+
+ listener.close();
+ },
+);
+
unitTest(async function connectTLSCertFileNoReadPerm(): Promise<void> {
await assertThrowsAsync(async () => {
await Deno.connectTls({
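Review bot: The assertion in connectTLSInvalidHost accepts any `Error`, so the test also passes when connectTls fails for an unrelated reason such as a refused connection or a certificate verification failure, and it would not catch a regression in the hostname check itself. Pin the failure to the message this commit introduces by passing it as the third argument, `}, Error, "Invalid DNS lookup");`. `listener.close()` also runs only when the assertion succeeds; wrapping the assertion in `try { … } finally { listener.close(); }` keeps port 3567 from staying bound for later tests after a failure.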
diff --git a/runtime/ops/tls.rs b/runtime/ops/tls.rs
index 7a5636cd7..893c068c4 100644
--- a/runtime/ops/tls.rs
+++ b/runtime/ops/tls.rs
@@ -140,8 +140,8 @@ async fn op_start_tls(
}
let tls_connector = TlsConnector::from(Arc::new(config));
- let dnsname =
- DNSNameRef::try_from_ascii_str(&domain).expect("Invalid DNS lookup");
+ let dnsname = DNSNameRef::try_from_ascii_str(&domain)
+ .map_err(|_| generic_error("Invalid DNS lookup"))?;
let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;
let rid = {
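Review bot: The error built on the new `map_err` line discards both the underlying parse error and the rejected value, and "Invalid DNS lookup" names a lookup although none happens here; the string is only validated as a DNS name before the handshake. A caller who passes an IP literal, as the new unit test does, gets no hint that the hostname is what was refused. Consider `.map_err(|_| generic_error(format!("Invalid hostname: '{}'", domain)))?;`, assuming generic_error accepts an owned String. The identical line in op_connect_tls in the next hunk needs the same change. Returning an error instead of panicking is the right fail-closed behaviour; op_start_tls begins and ends outside this hunk.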
@@ -202,8 +202,8 @@ async fn op_connect_tls(
config.root_store.add_pem_file(reader).unwrap();
}
let tls_connector = TlsConnector::from(Arc::new(config));
- let dnsname =
- DNSNameRef::try_from_ascii_str(&domain).expect("Invalid DNS lookup");
+ let dnsname = DNSNameRef::try_from_ascii_str(&domain)
+ .map_err(|_| generic_error("Invalid DNS lookup"))?;
let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?;
let rid = {
let mut state_ = state.borrow_mut();
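Review bot: `config.root_store.add_pem_file(reader).unwrap();` in the context above the changed lines still panics, so a certificate file that does not parse as PEM aborts the op the same way an invalid hostname did before this commit. The file presumably comes from the caller's options (the argument handling is outside the hunk), so it deserves the same treatment: `config.root_store.add_pem_file(reader).map_err(|_| generic_error("Unable to add pem file to certificate store"))?;`. op_connect_tls begins and ends outside this hunk, and the same pattern may exist in op_start_tls above its visible context.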