tls: bind reusable sessions to authenticated host

mcollina · aduh95 · commit d1be63041592 · 2026-06-17T18:52:14.000+02:00
PR-URL: nodejs-private/node-private#854 Reviewed-By: Robert Nagy <ronagy@icloud.com> CVE-ID: CVE-2026-48934 Refs: https://hackerone.com/reports/3649802
diff --git a/lib/internal/tls/wrap.js b/lib/internal/tls/wrap.js
@@ -114,6 +114,82 @@ const kIsVerified = Symbol('verified');
 
 const noop = () => {};
 
+const kTLSSessionStatePrefix = Buffer.from('\0nodejs:tls:session:1\0');
+
+function getSessionServerIdentity(options) {
+  return options?.servername ||
+         options?.host ||
+         options?.socket?._host ||
+         'localhost';
+}
+
+function wrapSessionState(session, options) {
+  if (!Buffer.isBuffer(session) || options?.isServer)
+    return session;
+
+  const servername = Buffer.from(getSessionServerIdentity(options), 'utf8');
+  const servernameLength = Buffer.allocUnsafe(2);
+  servernameLength.writeUInt16BE(servername.length, 0);
+
+  return Buffer.concat([
+    kTLSSessionStatePrefix,
+    servernameLength,
+    servername,
+    session,
+  ]);
+}
+
+function unwrapSessionState(session) {
+  if (!Buffer.isBuffer(session) ||
+      session.length < kTLSSessionStatePrefix.length + 2 ||
+      Buffer.compare(
+        session.subarray(0, kTLSSessionStatePrefix.length),
+        kTLSSessionStatePrefix,
+      ) !== 0) {
+    return;
+  }
+
+  const start = kTLSSessionStatePrefix.length;
+  const servernameLength = session.readUInt16BE(start);
+  const servernameStart = start + 2;
+  const servernameEnd = servernameStart + servernameLength;
+  if (session.length < servernameEnd)
+    return;
+
+  return {
+    servername: session.toString('utf8', servernameStart, servernameEnd),
+    session: session.subarray(servernameEnd),
+  };
+}
+
+function getSessionForReuse(session, options) {
+  if (typeof session === 'string')
+    session = Buffer.from(session, 'latin1');
+
+  if (options?.isServer)
+    return session;
+
+  const wrappedSession = unwrapSessionState(session);
+  if (wrappedSession !== undefined) {
+    const servername = getSessionServerIdentity(options);
+    if (wrappedSession.servername !== servername) {
+      debug('ignore session for %s: authenticated for %s',
+            servername, wrappedSession.servername);
+      return;
+    }
+
+    return wrappedSession.session;
+  }
+
+  if (Buffer.isBuffer(session) && options?.rejectUnauthorized !== false) {
+    debug('ignore raw session for verified client connection to %s',
+          getSessionServerIdentity(options));
+    return;
+  }
+
+  return session;
+}
+
 let tlsTracingWarned = false;
 
 // Server side times how long a handshake is taking to protect against slow
@@ -341,10 +417,11 @@ function requestOCSPDone(socket) {
 function onnewsessionclient(sessionId, session) {
   debug('client emit session');
   const owner = this[owner_symbol];
+  const wrappedSession = wrapSessionState(session, owner[kConnectOptions]);
   if (owner[kIsVerified]) {
-    owner.emit('session', session);
+    owner.emit('session', wrappedSession);
   } else {
-    owner[kPendingSession] = session;
+    owner[kPendingSession] = wrappedSession;
   }
 }
 
@@ -1139,9 +1216,19 @@ TLSSocket.prototype.setServername = function(name) {
 };
 
 TLSSocket.prototype.setSession = function(session) {
-  if (typeof session === 'string')
-    session = Buffer.from(session, 'latin1');
-  this._handle.setSession(session);
+  session = getSessionForReuse(session, this[kConnectOptions] || this._tlsOptions);
+  if (session !== undefined)
+    this._handle.setSession(session);
+};
+
+TLSSocket.prototype.getSession = function() {
+  if (!this._handle)
+    return null;
+
+  return wrapSessionState(
+    this._handle.getSession(),
+    this[kConnectOptions] || this._tlsOptions,
+  );
 };
 
 TLSSocket.prototype.getPeerCertificate = function(detailed) {
@@ -1200,7 +1287,6 @@ function makeSocketMethodProxy(name) {
   'getFinished',
   'getPeerFinished',
   'getProtocol',
-  'getSession',
   'getTLSTicket',
   'isSessionReused',
   'enableTrace',
@@ -1663,12 +1749,11 @@ function onConnectSecure() {
   // Verify that server's identity matches it's certificate's names
   // Unless server has resumed our existing session
   if (!verifyError && !this.isSessionReused()) {
-    const hostname = options.servername ||
-                   options.host ||
-                   (options.socket?._host) ||
-                   'localhost';
     const cert = this.getPeerCertificate(true);
-    verifyError = options.checkServerIdentity(hostname, cert);
+    verifyError = options.checkServerIdentity(
+      getSessionServerIdentity(options),
+      cert,
+    );
   }
 
   if (verifyError) {
@@ -1753,6 +1838,8 @@ exports.connect = function connect(...args) {
     );
   }
 
+  options.session = getSessionForReuse(options.session, options);
+
   const tlssock = new TLSSocket(options.socket, {
     allowHalfOpen: options.allowHalfOpen,
     pipe: !!options.path,
