crypto: prevent Sign::SignFinal from crashing
The validation logic could be tricked into assuming an option was
valid using malicious getters, leading to an invalid value being
passed to the C++ layer, thus crashing the process.

PR-URL: #21815
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
tniessen authored and targos committed Jul 18, 2018
1 parent 576f1ea commit d9825c7
Showing 1 changed file with 4 additions and 3 deletions.
7 changes: 4 additions & 3 deletions lib/internal/crypto/sig.js
Expand Up @@ -57,10 +57,11 @@ function getSaltLength(options) {

function getIntOption(name, defaultValue, options) {
if (options.hasOwnProperty(name)) {
if (options[name] === options[name] >> 0) {
return options[name];
const value = options[name];
if (value === value >> 0) {
return value;
} else {
throw new ERR_INVALID_OPT_VALUE(name, options[name]);
throw new ERR_INVALID_OPT_VALUE(name, value);
}
}
return defaultValue;
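
Review bot: the `if (options.hasOwnProperty(name))` line at the top of `getIntOption` still dispatches through the caller-supplied object, so an `options` that defines its own `hasOwnProperty` decides the presence check, and one with a null prototype throws before `const value = options[name];` is reached. `Object.prototype.hasOwnProperty.call(options, name)` would keep that check independent of the object being validated. Reading the option once into `value` makes the validated value and the returned value the same, but the commit changes only lib/internal/crypto/sig.js, so a regression test using a getter that returns a different value on each read would be worth adding with it.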