projects / nodejs.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: da6d407) | patch
[PATCH] tls: route callback exceptions through error handlers
authorMatteo Collina <hello@matteocollina.com>
Mon, 22 Dec 2025 17:25:33 +0000 (18:25 +0100)
committerJérémy Lal <kapouer@melix.org>
Tue, 24 Mar 2026 21:11:25 +0000 (22:11 +0100)
commiteba0e0e566bd31a65d2af358b4d589d1778f8120
tree510a769442f9d494de674bf8f3fdbabbe155a724tree | snapshot
parentda6d407fc8579681cb34a568b2ef58d2d10f5320commit | diff
[PATCH] tls: route callback exceptions through error handlers

Wrap pskCallback and ALPNCallback invocations in try-catch blocks
to route exceptions through owner.destroy() instead of letting them
become uncaught exceptions. This prevents remote attackers from
crashing TLS servers or causing resource exhaustion.

Fixes: https://hackerone.com/reports/3473882
PR-URL: https://github.com/nodejs-private/node-private/pull/782
PR-URL: https://github.com/nodejs-private/node-private/pull/796
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
CVE-ID: CVE-2026-21637

Gbp-Pq: Topic sec
Gbp-Pq: Name 33-tls-route-callback-exceptions-through-error-handlers.patch
lib/_tls_wrap.js diff | blob | history
test/parallel/test-tls-alpn-server-client.js diff | blob | history
test/parallel/test-tls-psk-alpn-callback-exception-handling.js [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.