Fixed bug validating the database host during connection

sharadraju · sharadraju · commit 8c86df476196 · 2025-09-25T20:09:23.000+05:30
diff --git a/doc/src/release_notes.rst b/doc/src/release_notes.rst
@@ -29,6 +29,8 @@ Common Changes
 Thin Mode Changes
 +++++++++++++++++
 
+#)  Fixed bug validating the database host during connection.
+
 #)  Enabled proxy user to be passed with :ref:`external authentication <extauth>`
     in :meth:`oracledb.createPool()` for Thin mode.
     See `Issue #1743 <https://github.com/oracle/node-oracledb/issues/1743>`__.
diff --git a/lib/errors.js b/lib/errors.js
@@ -178,6 +178,7 @@ const ERR_CALLOUT_FN = 169;
 const ERR_SESSIONLESS_DIFFERING_METHODS = 170;
 const ERR_SESSIONLESS_ALREADY_ACTIVE = 171;
 const ERR_SESSIONLESS_INACTIVE = 172;
+const ERR_INVALID_SERVER_RESPONSE = 173;
 
 // Oracle Net layer errors start from 500
 const ERR_CONNECTION_CLOSED = 500;
@@ -539,6 +540,8 @@ messages.set(ERR_SESSIONLESS_ALREADY_ACTIVE,            //NJS-171
   'Suspend, commit or rollback the currently active sessionless transaction before beginning or resuming another one.');
 messages.set(ERR_SESSIONLESS_INACTIVE,                  //NJS-172
   'No sessionless transaction is active');
+messages.set(ERR_INVALID_SERVER_RESPONSE,               //NJS-173
+  'Invalid server response to connection request');
 
 // Oracle Net layer errors
 
@@ -999,6 +1002,7 @@ module.exports = {
   ERR_SESSIONLESS_DIFFERING_METHODS,
   ERR_SESSIONLESS_ALREADY_ACTIVE,
   ERR_SESSIONLESS_INACTIVE,
+  ERR_INVALID_SERVER_RESPONSE,
   ERR_CONNECTION_CLOSED_CODE: `${ERR_PREFIX}-${ERR_CONNECTION_CLOSED}`,
   ERR_OPERATION_NOT_SUPPORTED_ON_BFILE,
   ERR_OPERATION_ONLY_SUPPORTED_ON_BFILE,
diff --git a/lib/thin/connection.js b/lib/thin/connection.js
@@ -781,6 +781,36 @@ class ThinConnectionImpl extends ConnectionImpl {
     return (this._pool) ? true : false;
   }
 
+  _postConnect(authMessage) {
+    let releaseNum;
+    let updateNum;
+    let portReleaseNum;
+    let portUpdateNum;
+
+    this.dbDomain = authMessage.sessionData['AUTH_SC_DB_DOMAIN'];
+    this.dbName = authMessage.sessionData['AUTH_DBNAME'];
+    this.maxOpenCursors = Number(authMessage.sessionData['AUTH_MAX_OPEN_CURSORS'] || 0);
+    this.serviceName = authMessage.sessionData['AUTH_SC_SERVICE_NAME'];
+    this.instanceName = authMessage.sessionData['AUTH_INSTANCENAME'];
+    this.maxIdentifierLength = Number(authMessage.sessionData['AUTH_MAX_IDEN_LENGTH'] || 30);
+    const fullVersionNum = Number(authMessage.sessionData['AUTH_VERSION_NO']);
+    const versionNum = (fullVersionNum >> 24) & 0xFF;
+    this.warning = authMessage.warning;
+    if (this._protocol.caps.ttcFieldVersion >= constants.TNS_CCAP_FIELD_VERSION_18_1_EXT_1) {
+      releaseNum = (fullVersionNum >> 16) & 0xFF;
+      updateNum = (fullVersionNum >> 12) & 0x0F;
+      portReleaseNum = (fullVersionNum >> 4) & 0xFF;
+      portUpdateNum = fullVersionNum & 0x0F;
+    } else {
+      releaseNum = (fullVersionNum >> 20) & 0x0F;
+      updateNum = (fullVersionNum >> 12) & 0xFF;
+      portReleaseNum = (fullVersionNum >> 8) & 0x0F;
+      portUpdateNum = fullVersionNum & 0xFF;
+    }
+    this.serverVersionString = versionNum + '.' + releaseNum + '.' + updateNum + '.' + portReleaseNum + '.' + portUpdateNum;
+    this.serverVersion = versionNum * 100000000 + releaseNum * 1000000 + updateNum * 10000 + portReleaseNum * 100 + portUpdateNum * 1;
+  }
+
   /**
    *
    * @param {object} params  Configuration of the connection
@@ -895,6 +925,7 @@ class ThinConnectionImpl extends ConnectionImpl {
       if (!params.externalAuth) { // non-token Authentication
         await this._protocol._processMessage(authMessage); // OAUTH
       }
+      this._postConnect(authMessage);
     } catch (err) {
       this.nscon.disconnect();
       throw err;
diff --git a/lib/thin/protocol/capabilities.js b/lib/thin/protocol/capabilities.js
@@ -118,7 +118,8 @@ class Capabilities {
       this.compileCaps[constants.TNS_CCAP_TTC4] |= constants.TNS_CCAP_END_OF_REQUEST;
     }
     this.compileCaps[constants.TNS_CCAP_CTB_FEATURE_BACKPORT] =
-      constants.TNS_CCAP_CTB_IMPLICIT_POOL;
+      constants.TNS_CCAP_CTB_IMPLICIT_POOL |
+      constants.TNS_CCAP_CTB_OAUTH_MSG_ON_ERR;
     this.compileCaps[constants.TNS_CCAP_TTC5] =
       constants.TNS_CCAP_VECTOR_SUPPORT |
       constants.TNS_CCAP_TTC5_SESSIONLESS_TXNS;
diff --git a/lib/thin/protocol/constants.js b/lib/thin/protocol/constants.js
@@ -648,6 +648,7 @@ module.exports = {
   TNS_CCAP_LOB2_QUASI: 0x01,
   TNS_CCAP_LOB2_2GB_PREFETCH: 0x04,
   TNS_CCAP_CTB_IMPLICIT_POOL: 0x08,
+  TNS_CCAP_CTB_OAUTH_MSG_ON_ERR: 0x10,
   TNS_CCAP_VECTOR_SUPPORT: 0x08,
   TNS_CCAP_VECTOR_FEATURE_BINARY: 0x01,
   TNS_CCAP_VECTOR_FEATURE_SPARSE: 0x02,
diff --git a/lib/thin/protocol/encryptDecrypt.js b/lib/thin/protocol/encryptDecrypt.js
@@ -40,7 +40,7 @@ class EncryptDecrypt {
 
   // Key length is dependent on the algorithm. In this case for aes192, it is
   // 24 bytes (192 bits).
-  _decrypt(key, val) {
+  decrypt(key, val) {
     const iv = Buffer.alloc(16, 0); // Initialization vector, same is used in server
     const decipher = crypto.createDecipheriv(algorithm, key, iv);
     decipher.setAutoPadding(false);
@@ -138,7 +138,7 @@ class EncryptDecrypt {
     if (newPassword) {
       newPasswordBytes = Buffer.from(newPassword, 'utf8');
     }
-    const sessionKeyParta = this._decrypt(passwordHash, encodedServerKey);
+    const sessionKeyParta = this.decrypt(passwordHash, encodedServerKey);
     const sessionKeyPartb = Buffer.alloc(sessionKeyParta.length);
     crypto.randomFillSync(sessionKeyPartb);
     const encodedClientKey = this._encrypt(passwordHash, sessionKeyPartb);
diff --git a/lib/thin/protocol/messages/auth.js b/lib/thin/protocol/messages/auth.js
@@ -355,34 +355,19 @@ class AuthMessage extends Message {
     }
     if (this.functionCode === constants.TNS_FUNC_AUTH_PHASE_ONE) {
       this.functionCode = constants.TNS_FUNC_AUTH_PHASE_TWO;
-    } else {
-      let releaseNum;
-      let updateNum;
-      let portReleaseNum;
-      let portUpdateNum;
-
-      this.conn.dbDomain = this.sessionData['AUTH_SC_DB_DOMAIN'];
-      this.conn.dbName = this.sessionData['AUTH_DBNAME'];
-      this.conn.maxOpenCursors = Number(this.sessionData['AUTH_MAX_OPEN_CURSORS'] || 0);
-      this.conn.serviceName = this.sessionData['AUTH_SC_SERVICE_NAME'];
-      this.conn.instanceName = this.sessionData['AUTH_INSTANCENAME'];
-      this.conn.maxIdentifierLength = Number(this.sessionData['AUTH_MAX_IDEN_LENGTH'] || 30);
-      const fullVersionNum = Number(this.sessionData['AUTH_VERSION_NO']);
-      const versionNum = (fullVersionNum >> 24) & 0xFF;
-      this.conn.warning = this.warning;
-      if (buf.caps.ttcFieldVersion >= constants.TNS_CCAP_FIELD_VERSION_18_1_EXT_1) {
-        releaseNum = (fullVersionNum >> 16) & 0xFF;
-        updateNum = (fullVersionNum >> 12) & 0x0F;
-        portReleaseNum = (fullVersionNum >> 4) & 0xFF;
-        portUpdateNum = fullVersionNum & 0x0F;
-      } else {
-        releaseNum = (fullVersionNum >> 20) & 0x0F;
-        updateNum = (fullVersionNum >> 12) & 0xFF;
-        portReleaseNum = (fullVersionNum >> 8) & 0x0F;
-        portUpdateNum = fullVersionNum & 0xFF;
+    } else if (!this.changePassword && this.comboKey) {
+      const value = this.sessionData.AUTH_SVR_RESPONSE;
+      let response;
+      if (value) {
+        const encodedResponse = Buffer.from(value, "hex");
+        response = ED.decrypt(this.comboKey, encodedResponse);
+      }
+      if (
+        !response ||
+        !response.subarray(16, 32).equals(Buffer.from("SERVER_TO_CLIENT"))
+      ) {
+        errors.throwErr(errors.ERR_INVALID_SERVER_RESPONSE);
       }
-      this.conn.serverVersionString = versionNum + '.' + releaseNum + '.' + updateNum + '.' + portReleaseNum + '.' + portUpdateNum;
-      this.conn.serverVersion = versionNum * 100000000 + releaseNum * 1000000 + updateNum * 10000 + portReleaseNum * 100 + portUpdateNum * 1;
     }
   }
 
