Skip to content

Commit

Permalink
crypto: fix CipherBase Update int32 overflow
Browse files Browse the repository at this point in the history
PR-URL: #45769
Fixes: #45757
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
  • Loading branch information
marco-ippolito authored and danielleadams committed Jan 5, 2023
1 parent 007cbf7 commit ae6f377
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/crypto/crypto_cipher.cc
Original file line number Diff line number Diff line change
Expand Up @@ -803,7 +803,11 @@ CipherBase::UpdateResult CipherBase::Update(
if (kind_ == kDecipher && IsAuthenticatedMode())
CHECK(MaybePassAuthTagToOpenSSL());

int buf_len = len + EVP_CIPHER_CTX_block_size(ctx_.get());
const int block_size = EVP_CIPHER_CTX_block_size(ctx_.get());
CHECK_GT(block_size, 0);
if (len + block_size > INT_MAX) return kErrorState;
int buf_len = len + block_size;

// For key wrapping algorithms, get output size by calling
// EVP_CipherUpdate() with null output.
if (kind_ == kCipher && mode == EVP_CIPH_WRAP_MODE &&
Expand Down
8 changes: 8 additions & 0 deletions test/parallel/test-crypto-cipheriv-decipheriv.js
Original file line number Diff line number Diff line change
Expand Up @@ -215,3 +215,11 @@ for (let n = minIvLength; n < maxIvLength; n += 1) {
() => crypto.createCipheriv('aes-128-ecb', Buffer.alloc(17), null),
/Invalid key length/);
}

{
// https://github.com/nodejs/node/issues/45757
// eslint-disable-next-line no-restricted-syntax
assert.throws(() =>
crypto.createCipheriv('aes-128-gcm', Buffer.alloc(16), Buffer.alloc(12))
.update(Buffer.allocUnsafeSlow(2 ** 31 - 1)));
}

0 comments on commit ae6f377

Please sign in to comment.