diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-07-23 15:12:32 +0200 |
---|---|---|
committer | Rich Trott <rtrott@gmail.com> | 2019-07-26 10:19:28 -0700 |
commit | 499533f72a2dce111d6fde9c21b90b51fff35ab6 (patch) | |
tree | 158578631061383799317944243c883867758f72 /lib/internal/crypto | |
parent | 31d9b2f14fe9851b530c213b92e14b4646f6d131 (diff) | |
download | android-node-v8-499533f72a2dce111d6fde9c21b90b51fff35ab6.tar.gz android-node-v8-499533f72a2dce111d6fde9c21b90b51fff35ab6.tar.bz2 android-node-v8-499533f72a2dce111d6fde9c21b90b51fff35ab6.zip |
crypto: fix handling of malicious getters (scrypt)
It is possible to bypass parameter validation in crypto.scrypt and
crypto.scryptSync by crafting option objects with malicious getters as
demonstrated in the regression test. After bypassing validation, any
value can be passed to the C++ layer, causing an assertion to crash
the process.
Fixes: https://github.com/nodejs/node/issues/28836
PR-URL: https://github.com/nodejs/node/pull/28838
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Diffstat (limited to 'lib/internal/crypto')
-rw-r--r-- | lib/internal/crypto/scrypt.js | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/lib/internal/crypto/scrypt.js b/lib/internal/crypto/scrypt.js index 2705611832..e2751f8fa5 100644 --- a/lib/internal/crypto/scrypt.js +++ b/lib/internal/crypto/scrypt.js @@ -80,31 +80,31 @@ function check(password, salt, keylen, options) { if (options && options !== defaults) { let has_N, has_r, has_p; if (has_N = (options.N !== undefined)) { - validateUint32(options.N, 'N'); N = options.N; + validateUint32(N, 'N'); } if (options.cost !== undefined) { if (has_N) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); - validateUint32(options.cost, 'cost'); N = options.cost; + validateUint32(N, 'cost'); } if (has_r = (options.r !== undefined)) { - validateUint32(options.r, 'r'); r = options.r; + validateUint32(r, 'r'); } if (options.blockSize !== undefined) { if (has_r) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); - validateUint32(options.blockSize, 'blockSize'); r = options.blockSize; + validateUint32(r, 'blockSize'); } if (has_p = (options.p !== undefined)) { - validateUint32(options.p, 'p'); p = options.p; + validateUint32(p, 'p'); } if (options.parallelization !== undefined) { if (has_p) throw new ERR_CRYPTO_SCRYPT_INVALID_PARAMETER(); - validateUint32(options.parallelization, 'parallelization'); p = options.parallelization; + validateUint32(p, 'parallelization'); } if (options.maxmem !== undefined) { maxmem = options.maxmem; |