From 67bed235d4fbda9ee6cb83c4c8b1ef0bf5ed891e Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 13 Mar 2024 11:39:22 +0100 Subject: [PATCH] crypto: fix `input` validation in `crypto.hash` --- doc/api/crypto.md | 2 +- lib/internal/crypto/hash.js | 5 ++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/doc/api/crypto.md b/doc/api/crypto.md index 4c0e78a25c921a..baa671944480d8 100644 --- a/doc/api/crypto.md +++ b/doc/api/crypto.md @@ -3520,7 +3520,7 @@ added: > Stability: 1.2 - Release candidate * `algorithm` {string|undefined} -* `data` {string|ArrayBuffer|Buffer|TypedArray|DataView} When `data` is a +* `data` {string|Buffer|TypedArray|DataView} When `data` is a string, it will be encoded as UTF-8 before being hashed. If a different input encoding is desired for a string input, user could encode the string into a `TypedArray` using either `TextEncoder` or `Buffer.from()` and passing diff --git a/lib/internal/crypto/hash.js b/lib/internal/crypto/hash.js index 50af7b6bb32abf..fda2017fa0cc95 100644 --- a/lib/internal/crypto/hash.js +++ b/lib/internal/crypto/hash.js @@ -52,7 +52,6 @@ const { validateEncoding, validateString, validateUint32, - validateBuffer, } = require('internal/validators'); const { @@ -196,8 +195,8 @@ async function asyncDigest(algorithm, data) { function hash(algorithm, input, outputEncoding = 'hex') { validateString(algorithm, 'algorithm'); - if (typeof input !== 'string') { - validateBuffer(input, 'input'); + if (typeof input !== 'string' && !isArrayBufferView(input)) { + throw new ERR_INVALID_ARG_TYPE('input', ['Buffer', 'TypedArray', 'DataView', 'string'], input); } let normalized = outputEncoding; // Fast case: if it's 'hex', we don't need to validate it further.