Fix parseCertificateInfo possibly in dead loop

2025-07-22 14:30:58 -04:00 · 2021-11-08 15:39:17 +08:00 · 2021-11-08 15:39:17 +08:00 · 41a6d1b701
commit 41a6d1b701
parent c92153c97e
3 changed files with 139 additions and 2 deletions
--- a/server/util-server.js
+++ b/server/util-server.js
@ -201,8 +201,13 @@ const getDaysRemaining = (validFrom, validTo) => {
 // param: info -  the chain obtained from getPeerCertificate()
 const parseCertificateInfo = function (info) {
    let link = info;
+    let i = 0;
+
+    const existingList = {};

    while (link) {
+        debug(`[${i}] ${link.fingerprint}`);
+
        if (!link.valid_from || !link.valid_to) {
            break;
        }
@ -210,15 +215,24 @@ const parseCertificateInfo = function (info) {
        link.validFor = link.subjectaltname?.replace(/DNS:|IP Address:/g, "").split(", ");
        link.daysRemaining = getDaysRemaining(new Date(), link.validTo);

+        existingList[link.fingerprint] = true;
+
        // Move up the chain until loop is encountered
        if (link.issuerCertificate == null) {
            break;
-        } else if (link.fingerprint == link.issuerCertificate.fingerprint) {
+        } else if (link.issuerCertificate.fingerprint in existingList) {
+            debug(`[Last] ${link.issuerCertificate.fingerprint}`);
            link.issuerCertificate = null;
            break;
        } else {
            link = link.issuerCertificate;
        }
+
+        // Should be no use, but just in case.
+        if (i > 500) {
+            throw new Error("Dead loop occurred in parseCertificateInfo");
+        }
+        i++;
    }

    return info;
@ -228,6 +242,7 @@ exports.checkCertificate = function (res) {
    const info = res.request.res.socket.getPeerCertificate(true);
    const valid = res.request.res.socket.authorized || false;

+    console.log("Parsing Certificate Info");
    const parsedInfo = parseCertificateInfo(info);

    return {