crypto: fail early if passphrase is too long

This causes OpenSSL to fail early if the decryption passphrase is too long, and produces a somewhat helpful error message. PR-URL: https://github.com/nodejs/node/pull/27010 Refs: https://github.com/nodejs/node/pull/25208 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
author: Tobias Nießen <tniessen@tnie.de> 2019-03-30 00:19:39 +0100
committer: Ruben Bridgewater <ruben@bridgewater.de> 2019-04-04 16:09:11 +0200
commit: 73bca57988c847a4b17b923686eee8e04e4fa13c (patch)
tree: 826a7cf8cce84fe8e974f68314f81bb109468425 /src
parent: 608878c95692e12a42d97f2b7cfd839453bc815d (diff)
download: android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.gz
android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.bz2
android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/node_crypto.cc b/src/node_crypto.cc
index a5cead4ae5..1bdc099b34 100644
--- a/src/node_crypto.cc
+++ b/src/node_crypto.cc
@@ -189,7 +189,8 @@ static int PasswordCallback(char* buf, int size, int rwflag, void* u) {
   if (passphrase != nullptr) {
     size_t buflen = static_cast<size_t>(size);
     size_t len = strlen(passphrase);
-    len = len > buflen ? buflen : len;
+    if (buflen < len)
+      return -1;
     memcpy(buf, passphrase, len);
     return len;
   }
author	Tobias Nießen <tniessen@tnie.de>	2019-03-30 00:19:39 +0100
committer	Ruben Bridgewater <ruben@bridgewater.de>	2019-04-04 16:09:11 +0200
commit	73bca57988c847a4b17b923686eee8e04e4fa13c (patch)
tree	826a7cf8cce84fe8e974f68314f81bb109468425 /src
parent	608878c95692e12a42d97f2b7cfd839453bc815d (diff)
download	android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.gz android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.tar.bz2 android-node-v8-73bca57988c847a4b17b923686eee8e04e4fa13c.zip