tls: fix error stack conversion in cryptoErrorListToException()

joyeecheung · aduh95 · commit b7b0768cda59 · 2025-01-30T10:44:13.000+01:00
The ncrypto move introduced regressions in cryptoErrorListToException() by passing in the size of the vector unnecessarily into the vector constructor and then use push_back() (which would result in a crash on dereferencing empty handles during later iteration) and having incorrect logic for checking the presence of an exception. This patch fixes it. PR-URL: #56554 Fixes: #56375 Refs: #53803 Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/src/crypto/crypto_util.cc b/src/crypto/crypto_util.cc
@@ -237,7 +237,8 @@ MaybeLocal<Value> cryptoErrorListToException(
   if (errors.size() > 1) {
     CHECK(exception->IsObject());
     Local<Object> exception_obj = exception.As<Object>();
-    LocalVector<Value> stack(env->isolate(), errors.size() - 1);
+    LocalVector<Value> stack(env->isolate());
+    stack.reserve(errors.size() - 1);
 
     // Iterate over all but the last error in the list.
     auto current = errors.begin();
@@ -255,9 +256,9 @@ MaybeLocal<Value> cryptoErrorListToException(
     Local<v8::Array> stackArray =
         v8::Array::New(env->isolate(), stack.data(), stack.size());
 
-    if (!exception_obj
-             ->Set(env->context(), env->openssl_error_stack(), stackArray)
-             .IsNothing()) {
+    if (exception_obj
+            ->Set(env->context(), env->openssl_error_stack(), stackArray)
+            .IsNothing()) {
       return {};
     }
   }
diff --git a/test/parallel/test-tls-error-stack.js b/test/parallel/test-tls-error-stack.js
@@ -0,0 +1,18 @@
+'use strict';
+
+// This tests that the crypto error stack can be correctly converted.
+const common = require('../common');
+if (!common.hasCrypto)
+  common.skip('missing crypto');
+
+const assert = require('assert');
+const tls = require('tls');
+
+assert.throws(() => {
+  tls.createSecureContext({ clientCertEngine: 'x' });
+}, (err) => {
+  return err.name === 'Error' &&
+         /could not load the shared library/.test(err.message) &&
+         Array.isArray(err.opensslErrorStack) &&
+        err.opensslErrorStack.length > 0;
+});
