diff options
author | Tobias Nießen <tniessen@tnie.de> | 2019-03-30 00:19:39 +0100 |
---|---|---|
committer | Ruben Bridgewater <ruben@bridgewater.de> | 2019-04-04 16:09:11 +0200 |
commit | 73bca57988c847a4b17b923686eee8e04e4fa13c (patch) | |
tree | 826a7cf8cce84fe8e974f68314f81bb109468425 /src | |
parent | 608878c95692e12a42d97f2b7cfd839453bc815d (diff) | |
download | android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.gz android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.bz2 android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.zip |
crypto: fail early if passphrase is too long
This causes OpenSSL to fail early if the decryption passphrase is too
long, and produces a somewhat helpful error message.
PR-URL: https://github.com/nodejs/node/pull/27010
Refs: https://github.com/nodejs/node/pull/25208
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_crypto.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc index a5cead4ae5..1bdc099b34 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -189,7 +189,8 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) { if (passphrase != nullptr) { size_t buflen = static_cast<size_t>(size); size_t len = strlen(passphrase); - len = len > buflen ? buflen : len; + if (buflen < len) + return -1; memcpy(buf, passphrase, len); return len; } |