File CVE-2021-22939.patch of Package nodejs8.24011
From 1780bbc3291357f7c3370892eb311fc7a62afe8d Mon Sep 17 00:00:00 2001
From: Matteo Collina <hello@matteocollina.com>
Date: Wed, 4 Aug 2021 18:40:00 +0200
Subject: [PATCH] tls: validate "rejectUnauthorized: undefined"
Incomplete validation of rejectUnauthorized parameter (Low)
If the Node.js https API was used incorrectly and "undefined" was passed
in for the "rejectUnauthorized" parameter, no error was returned and
connections to servers with an expired certificate would have been
accepted.
CVE-ID: CVE-2021-22939
Refs: https://nvd.nist.gov/vuln/detail/CVE-2021-22939
Refs: https://hackerone.com/reports/1278254
PR-URL: https://github.com/nodejs-private/node-private/pull/276
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Akshay K <iit.akshay@gmail.com>
Reviewed-By: Robert Nagy <ronagy@icloud.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
---
lib/_tls_wrap.js | 17 ++++++++++++++++-
test/parallel/test-tls-client-reject.js | 13 +++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
Index: node-v8.17.0/test/parallel/test-tls-client-reject.js
===================================================================
--- node-v8.17.0.orig/test/parallel/test-tls-client-reject.js
+++ node-v8.17.0/test/parallel/test-tls-client-reject.js
@@ -67,6 +67,19 @@ function rejectUnauthorized() {
socket.write('ng');
}
+function rejectUnauthorizedUndefined() {
+ console.log('reject unauthorized undefined');
+ const socket = tls.connect(server.address().port, {
+ servername: 'localhost',
+ rejectUnauthorized: undefined
+ }, common.mustNotCall());
+ socket.on('data', common.mustNotCall());
+ socket.on('error', common.mustCall(function(err) {
+ authorized();
+ }));
+ socket.end('ng');
+}
+
function authorized() {
const socket = tls.connect(server.address().port, {
ca: [fixtures.readSync('test_cert.pem')],
