diff options
| author | Bert Belder <bertbelder@gmail.com> | 2021-04-26 19:39:55 +0000 |
|---|---|---|
| committer | Bert Belder <bertbelder@gmail.com> | 2021-04-26 23:40:45 +0200 |
| commit | 299518d9357ca81efa12f295f65086708f392531 (patch) | |
| tree | 14817be22e60bf143f9d4108f5813dc985ec3ac5 /runtime/ops/tls.rs | |
| parent | 87c055b371e6388f73c88ad26f56bca67f6691f4 (diff) | |
fix(tls): throw meaningful error when hostname is invalid (#10387)
`InvalidDNSNameError` is thrown when a string is not a valid hostname,
e.g. it contains invalid characters, or starts with a numeric digit. It
does not involve a (failed) DNS lookup.
Diffstat (limited to 'runtime/ops/tls.rs')
| -rw-r--r-- | runtime/ops/tls.rs | 21 |
1 files changed, 11 insertions, 10 deletions
diff --git a/runtime/ops/tls.rs b/runtime/ops/tls.rs index 10293cf92..0dbf35cc4 100644 --- a/runtime/ops/tls.rs +++ b/runtime/ops/tls.rs @@ -13,6 +13,7 @@ use deno_core::error::bad_resource; use deno_core::error::bad_resource_id; use deno_core::error::custom_error; use deno_core::error::generic_error; +use deno_core::error::invalid_hostname; use deno_core::error::AnyError; use deno_core::AsyncRefCell; use deno_core::CancelHandle; @@ -139,8 +140,8 @@ async fn op_start_tls( } let tls_connector = TlsConnector::from(Arc::new(config)); - let dnsname = DNSNameRef::try_from_ascii_str(&domain) - .map_err(|_| generic_error("Invalid DNS lookup"))?; + let dnsname = DNSNameRef::try_from_ascii_str(domain) + .map_err(|_| invalid_hostname(domain))?; let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?; let rid = { @@ -169,20 +170,22 @@ async fn op_connect_tls( ) -> Result<OpConn, AnyError> { assert_eq!(args.transport, "tcp"); + let mut domain = args.hostname.as_str(); + if domain.is_empty() { + domain = "localhost"; + } { let mut s = state.borrow_mut(); let permissions = s.borrow_mut::<Permissions>(); - permissions.net.check(&(&args.hostname, Some(args.port)))?; + permissions.net.check(&(domain, Some(args.port)))?; if let Some(path) = &args.cert_file { permissions.read.check(Path::new(&path))?; } } - let mut domain = args.hostname.as_str(); - if domain.is_empty() { - domain = "localhost"; - } - let addr = resolve_addr(&args.hostname, args.port) + let dnsname = DNSNameRef::try_from_ascii_str(domain) + .map_err(|_| invalid_hostname(domain))?; + let addr = resolve_addr(domain, args.port) .await? .next() .ok_or_else(|| generic_error("No resolved address found"))?; @@ -200,8 +203,6 @@ async fn op_connect_tls( config.root_store.add_pem_file(reader).unwrap(); } let tls_connector = TlsConnector::from(Arc::new(config)); - let dnsname = DNSNameRef::try_from_ascii_str(&domain) - .map_err(|_| generic_error("Invalid DNS lookup"))?; let tls_stream = tls_connector.connect(dnsname, tcp_stream).await?; let rid = { let mut state_ = state.borrow_mut(); |