tls: route callback exceptions through error handlers

Cherry-pick c357a39

Author: mcollina

lib/internal/tls/wrap.js

@@ -234,39 +234,44 @@ function callALPNCallback(protocolsBuffer) {
   const handle = this;
   const socket = handle[owner_symbol];
 
-  const servername = handle.getServername();
+  try {
+    const servername = handle.getServername();
 
-  // Collect all the protocols from the given buffer:
-  const protocols = [];
-  let offset = 0;
-  while (offset < protocolsBuffer.length) {
-    const protocolLen = protocolsBuffer[offset];
-    offset += 1;
+    // Collect all the protocols from the given buffer:
+    const protocols = [];
+    let offset = 0;
+    while (offset < protocolsBuffer.length) {
+      const protocolLen = protocolsBuffer[offset];
+      offset += 1;
 
-    const protocol = protocolsBuffer.slice(offset, offset + protocolLen);
-    offset += protocolLen;
+      const protocol = protocolsBuffer.slice(offset, offset + protocolLen);
+      offset += protocolLen;
 
-    protocols.push(protocol.toString('ascii'));
-  }
+      protocols.push(protocol.toString('ascii'));
+    }
 
-  const selectedProtocol = socket[kALPNCallback]({
-    servername,
-    protocols,
-  });
+    const selectedProtocol = socket[kALPNCallback]({
+      servername,
+      protocols,
+    });
 
-  // Undefined -> all proposed protocols rejected
-  if (selectedProtocol === undefined) return undefined;
+    // Undefined -> all proposed protocols rejected
+    if (selectedProtocol === undefined) return undefined;
 
-  const protocolIndex = protocols.indexOf(selectedProtocol);
-  if (protocolIndex === -1) {
-    throw new ERR_TLS_ALPN_CALLBACK_INVALID_RESULT(selectedProtocol, protocols);
-  }
-  let protocolOffset = 0;
-  for (let i = 0; i < protocolIndex; i++) {
-    protocolOffset += 1 + protocols[i].length;
-  }
+    const protocolIndex = protocols.indexOf(selectedProtocol);
+    if (protocolIndex === -1) {
+      throw new ERR_TLS_ALPN_CALLBACK_INVALID_RESULT(selectedProtocol, protocols);
+    }
+    let protocolOffset = 0;
+    for (let i = 0; i < protocolIndex; i++) {
+      protocolOffset += 1 + protocols[i].length;
+    }
 
-  return protocolOffset;
+    return protocolOffset;
+  } catch (err) {
+    socket.destroy(err);
+    return undefined;
+  }
 }
 
 function requestOCSP(socket, info) {
@@ -373,63 +378,75 @@ function onnewsession(sessionId, session) {
 
 function onPskServerCallback(identity, maxPskLen) {
   const owner = this[owner_symbol];
-  const ret = owner[kPskCallback](owner, identity);
-  if (ret == null)
-    return undefined;
 
-  let psk;
-  if (isArrayBufferView(ret)) {
-    psk = ret;
-  } else {
-    if (typeof ret !== 'object') {
-      throw new ERR_INVALID_ARG_TYPE(
-        'ret',
-        ['Object', 'Buffer', 'TypedArray', 'DataView'],
-        ret,
+  try {
+    const ret = owner[kPskCallback](owner, identity);
+    if (ret == null)
+      return undefined;
+
+    let psk;
+    if (isArrayBufferView(ret)) {
+      psk = ret;
+    } else {
+      if (typeof ret !== 'object') {
+        throw new ERR_INVALID_ARG_TYPE(
+          'ret',
+          ['Object', 'Buffer', 'TypedArray', 'DataView'],
+          ret,
+        );
+      }
+      psk = ret.psk;
+      validateBuffer(psk, 'psk');
+    }
+
+    if (psk.length > maxPskLen) {
+      throw new ERR_INVALID_ARG_VALUE(
+        'psk',
+        psk,
+        `Pre-shared key exceeds ${maxPskLen} bytes`,
       );
     }
-    psk = ret.psk;
-    validateBuffer(psk, 'psk');
-  }
 
-  if (psk.length > maxPskLen) {
-    throw new ERR_INVALID_ARG_VALUE(
-      'psk',
-      psk,
-      `Pre-shared key exceeds ${maxPskLen} bytes`,
-    );
+    return psk;
+  } catch (err) {
+    owner.destroy(err);
+    return undefined;
   }
-
-  return psk;
 }
 
 function onPskClientCallback(hint, maxPskLen, maxIdentityLen) {
   const owner = this[owner_symbol];
-  const ret = owner[kPskCallback](hint);
-  if (ret == null)
-    return undefined;
 
-  validateObject(ret, 'ret');
+  try {
+    const ret = owner[kPskCallback](hint);
+    if (ret == null)
+      return undefined;
+
+    validateObject(ret, 'ret');
+
+    validateBuffer(ret.psk, 'psk');
+    if (ret.psk.length > maxPskLen) {
+      throw new ERR_INVALID_ARG_VALUE(
+        'psk',
+        ret.psk,
+        `Pre-shared key exceeds ${maxPskLen} bytes`,
+      );
+    }
 
-  validateBuffer(ret.psk, 'psk');
-  if (ret.psk.length > maxPskLen) {
-    throw new ERR_INVALID_ARG_VALUE(
-      'psk',
-      ret.psk,
-      `Pre-shared key exceeds ${maxPskLen} bytes`,
-    );
-  }
+    validateString(ret.identity, 'identity');
+    if (Buffer.byteLength(ret.identity) > maxIdentityLen) {
+      throw new ERR_INVALID_ARG_VALUE(
+        'identity',
+        ret.identity,
+        `PSK identity exceeds ${maxIdentityLen} bytes`,
+      );
+    }
 
-  validateString(ret.identity, 'identity');
-  if (Buffer.byteLength(ret.identity) > maxIdentityLen) {
-    throw new ERR_INVALID_ARG_VALUE(
-      'identity',
-      ret.identity,
-      `PSK identity exceeds ${maxIdentityLen} bytes`,
-    );
+    return { psk: ret.psk, identity: ret.identity };
+  } catch (err) {
+    owner.destroy(err);
+    return undefined;
   }
-
-  return { psk: ret.psk, identity: ret.identity };
 }
 
 function onkeylog(line) {