crypto: fix randomInt range check

Refs: #34600 PR-URL: #35052 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Denys Otrishko <shishugi@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
nodejs · Sep 7, 2020 · 9effa5b · 9effa5b
1 parent df7bf64
commit 9effa5b
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 9 deletions.
diff --git a/lib/internal/crypto/random.js b/lib/internal/crypto/random.js
@@ -149,8 +149,8 @@ function randomInt(min, max, callback) {
   if (!NumberIsSafeInteger(max)) {
     throw new ERR_INVALID_ARG_TYPE('max', 'safe integer', max);
   }
-  if (!(max >= min)) {
-    throw new ERR_OUT_OF_RANGE('max', `>= ${min}`, max);
+  if (max <= min) {
+    throw new ERR_OUT_OF_RANGE('max', `> ${min}`, max);
   }
 
   // First we generate a random int between [0..range)

diff --git a/test/parallel/test-crypto-random.js b/test/parallel/test-crypto-random.js
@@ -456,13 +456,16 @@ assert.throws(
     }
   );
 
-  crypto.randomInt(0, common.mustCall());
-  crypto.randomInt(0, 0, common.mustCall());
-  assert.throws(() => crypto.randomInt(-1, common.mustNotCall()), {
-    code: 'ERR_OUT_OF_RANGE',
-    name: 'RangeError',
-    message: 'The value of "max" is out of range. It must be >= 0. Received -1'
-  });
+  crypto.randomInt(1, common.mustCall());
+  crypto.randomInt(0, 1, common.mustCall());
+  for (const arg of [[0], [1, 1], [3, 2], [-5, -5], [11, -10]]) {
+    assert.throws(() => crypto.randomInt(...arg, common.mustNotCall()), {
+      code: 'ERR_OUT_OF_RANGE',
+      name: 'RangeError',
+      message: 'The value of "max" is out of range. It must be > ' +
+               `${arg[arg.length - 2] || 0}. Received ${arg[arg.length - 1]}`
+    });
+  }
 
   const MAX_RANGE = 0xFFFF_FFFF_FFFF;
   crypto.randomInt(MAX_RANGE, common.mustCall());