-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Crypto Hashm/Hmac digest segfault on bad input #9819
Comments
After fixing this, I noticed that the crypto API is more or less the only part of node which uses
but this is consistent with other APIs:
If this is not okay, I can create a PR which correctly handles exceptions thrown when evaluating @addaleax Hope it's okay to ping you about this, what do you think? :) |
I don’t have a strong preference, but dropping The version of And yes, it’s definitely okay to ping me. :) |
This is exactly how I fixed it. Alternatively, we could do the conversion in
|
I feel like @bnoordhuis might be into that option. 😛 But really, everything you suggest here sounds okay to me – want to go ahead and open a PR? |
Forced conversion of the encoding parameter to a string within crypto.js, fixing segmentation faults in node_crypto.cc. Fixes: nodejs#9819
@tniessen I think handling it properly in C++ as you did is the best way to do it, even if you end up doing casts in crypto.js. It's pretty easy to get at functions indirectly even if process.binding is hidden at some point. Thank you both for going through these! |
Forced conversion of the encoding parameter to a string within crypto.js, fixing segmentation faults in node_crypto.cc. Fixes: nodejs#9819 PR-URL: nodejs#12164 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
Forced conversion of the encoding parameter to a string within crypto.js, fixing segmentation faults in node_crypto.cc. Fixes: nodejs/node#9819 PR-URL: nodejs/node#12164 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com>
Rename the tests appropriately alongside mentioning the subsystem Also, make a few basic changes to make sure the tests conform to the standard test structure - Rename test-regress-nodejsGH-9819 to test-crypto-tostring-segfault - Rename test-regress-nodejsGH-5051 to test-http-addrequest-localaddress - Rename test-regress-nodejsGH-5727 to test-net-listen-invalid-port - Rename test-regress-nodejsGH-5927 to test-tty-stdin-pipe - Rename test-regress-nodejsGH-6235 to test-v8-global-setter Refs: nodejs#19105 Refs: https://github.com/nodejs/node/blob/master/doc/guides/writing-tests.md#test-structure
Rename the tests appropriately alongside mentioning the subsystem. Also, make a few basic changes to make sure the tests conform to the standard test structure. - Rename test-regress-GH-9819 to test-crypto-tostring-segfault - Rename test-regress-GH-5051 to test-http-addrequest-localaddress - Rename test-regress-GH-5727 to test-net-listen-invalid-port - Rename test-regress-GH-5927 to test-tty-stdin-pipe - Rename test-regress-GH-6235 to test-v8-global-setter PR-URL: #19275 Refs: #19105 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Rename the tests appropriately alongside mentioning the subsystem. Also, make a few basic changes to make sure the tests conform to the standard test structure. - Rename test-regress-GH-9819 to test-crypto-tostring-segfault - Rename test-regress-GH-5051 to test-http-addrequest-localaddress - Rename test-regress-GH-5727 to test-net-listen-invalid-port - Rename test-regress-GH-5927 to test-tty-stdin-pipe - Rename test-regress-GH-6235 to test-v8-global-setter PR-URL: #19275 Refs: #19105 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Rename the tests appropriately alongside mentioning the subsystem. Also, make a few basic changes to make sure the tests conform to the standard test structure. - Rename test-regress-GH-9819 to test-crypto-tostring-segfault - Rename test-regress-GH-5051 to test-http-addrequest-localaddress - Rename test-regress-GH-5727 to test-net-listen-invalid-port - Rename test-regress-GH-5927 to test-tty-stdin-pipe - Rename test-regress-GH-6235 to test-v8-global-setter PR-URL: #19275 Refs: #19105 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Rename the tests appropriately alongside mentioning the subsystem. Also, make a few basic changes to make sure the tests conform to the standard test structure. - Rename test-regress-nodejsGH-9819 to test-crypto-tostring-segfault - Rename test-regress-nodejsGH-5051 to test-http-addrequest-localaddress - Rename test-regress-nodejsGH-5727 to test-net-listen-invalid-port - Rename test-regress-nodejsGH-5927 to test-tty-stdin-pipe - Rename test-regress-nodejsGH-6235 to test-v8-global-setter PR-URL: nodejs#19275 Refs: nodejs#19105 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Both Hash's and Hmac's digest binding functions hard crash when given an object
that either defines a throwing getter or throwing
toString
. For example:and:
both crash because they call
ParseEncoding
with an emptyv8::Value
:Internally, PraseEncoding calls
encoding_v->IsString()
without checking ifthe value is
Empty
, hence the crash.May be worth checking other callsites for ParseEncoding. The binding code for
verify.verify()
calls ParseEncoding too, but the actual encoding argumentfrom JS land is never passed in. (This is similar to the unused code I
mentioend in #9817, but for
sign()
.)+@mlfbrown for joint work.
The text was updated successfully, but these errors were encountered: