[PATCH] tls: route callback exceptions through error handlers
author Matteo Collina <hello@matteocollina.com>
Mon, 22 Dec 2025 17:25:33 +0000 (18:25 +0100)
committer Jérémy Lal <kapouer@melix.org>
Thu, 5 Mar 2026 10:05:11 +0000 (11:05 +0100)
commit da6fc3eb78769765c1b31e080f4024feee7375b3
tree 6f9caae3501d7a399459dd92391a33ddeba5f0bb
parent f1f7b06ee976bb4c141157b66cdf162ff18d0672
[PATCH] tls: route callback exceptions through error handlers

Wrap pskCallback and ALPNCallback invocations in try-catch blocks
to route exceptions through owner.destroy() instead of letting them
become uncaught exceptions. This prevents remote attackers from
crashing TLS servers or causing resource exhaustion.

Fixes: https://hackerone.com/reports/3473882
PR-URL: https://github.com/nodejs-private/node-private/pull/782
PR-URL: https://github.com/nodejs-private/node-private/pull/796
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2026-21637

Gbp-Pq: Topic sec
Gbp-Pq: Name 33-tls-route-callback-exceptions-through-error-handlers.patch
lib/_tls_wrap.js
test/parallel/test-tls-alpn-server-client.js
test/parallel/test-tls-psk-alpn-callback-exception-handling.js [new file with mode: 0644]
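
The pattern the commit message describes, as an added example that is not part of the commit or of Node.js: a user-supplied ALPN callback invoked bare versus wrapped so that a throw is handed to the connection's `destroy()`. `ModelOwner`, `selectUnguarded`, `selectGuarded`, `alpnCallback`, `preferredByHost` and the host names are hypothetical; only the `{ servername, protocols }` callback argument follows the documented `ALPNCallback` shape.

```javascript
// Added illustration: a simplified model of the fix, not the code in lib/_tls_wrap.js.
// ModelOwner, the select* helpers and alpnCallback are hypothetical names.
class ModelOwner {
  constructor() { this.destroyed = false; this.error = null; }
  destroy(err) {            // stands in for the TLS socket's destroy(err)
    if (this.destroyed) return;
    this.destroyed = true;
    this.error = err || null;
  }
}

// Before: the user callback runs bare inside the handshake hook, so a throw
// leaves the hook and has no connection-level handler to land in.
function selectUnguarded(owner, callback, offer) {
  return callback(offer);
}

// After: the throw is caught and handed to owner.destroy(), which fails only
// this connection.
function selectGuarded(owner, callback, offer) {
  try {
    return callback(offer);
  } catch (err) {
    owner.destroy(err);
    return undefined;
  }
}

// Constructed application callback with a latent bug: it assumes every
// servername has an entry in the table.
const preferredByHost = { 'api.example.test': ['h2', 'http/1.1'] };
function alpnCallback({ servername, protocols }) {
  return preferredByHost[servername].find((p) => protocols.includes(p));
}

// Runs one modelled handshake and reports where the exception ended up.
function runHandshake(select, offer) {
  const owner = new ModelOwner();
  const outcome = { escaped: false, selected: undefined };
  try {
    outcome.selected = select(owner, alpnCallback, offer);
  } catch (err) {
    outcome.escaped = true; // in a real process: an uncaught exception
  }
  outcome.destroyed = owner.destroyed;
  outcome.errorName = owner.error ? owner.error.name : null;
  return outcome;
}
```

Independently of the patched runtime, application callbacks passed as `ALPNCallback` or `pskCallback` are safer when they validate their input and return `undefined` or `null` rather than throw.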