diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-06-16 11:26:03 +0200 |
---|---|---|
committer | Tobias Nießen <tniessen@tnie.de> | 2019-06-18 18:42:48 +0200 |
commit | fc50e6bcc81e4b34f4f3f3fe494b79200ae22efb (patch) | |
tree | 2190309e7b22c5950075affa568a97a6ae90bae8 /src/node_crypto.h | |
parent | 8030ca5b9e593a5a800f40f09677a4eca31d1cd0 (diff) | |
download | android-node-v8-fc50e6bcc81e4b34f4f3f3fe494b79200ae22efb.tar.gz android-node-v8-fc50e6bcc81e4b34f4f3f3fe494b79200ae22efb.tar.bz2 android-node-v8-fc50e6bcc81e4b34f4f3f3fe494b79200ae22efb.zip |
crypto: fix crash when calling digest after piping
When piping data into an SHA3 hash, EVP_DigestFinal_ex is called in
hash._flush, bypassing safeguards in the JavaScript layer. Calling
hash.digest causes EVP_DigestFinal_ex to be called again, resulting
in a segmentation fault in the SHA3 implementation of OpenSSL.
A relatively easy solution is to cache the result of calling
EVP_DigestFinal_ex until the Hash object is garbage collected.
PR-URL: https://github.com/nodejs/node/pull/28251
Fixes: https://github.com/nodejs/node/issues/28245
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Diffstat (limited to 'src/node_crypto.h')
-rw-r--r-- | src/node_crypto.h | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/src/node_crypto.h b/src/node_crypto.h index aa29585533..3e337eaddb 100644 --- a/src/node_crypto.h +++ b/src/node_crypto.h @@ -595,12 +595,19 @@ class Hash : public BaseObject { Hash(Environment* env, v8::Local<v8::Object> wrap) : BaseObject(env, wrap), - mdctx_(nullptr) { + mdctx_(nullptr), + md_len_(0) { MakeWeak(); } + ~Hash() override { + OPENSSL_cleanse(md_value_, md_len_); + } + private: EVPMDPointer mdctx_; + unsigned char md_value_[EVP_MAX_MD_SIZE]; + unsigned int md_len_; }; class SignBase : public BaseObject { |