Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
crypto: fix checkPrime crash with large buffers
Browse files Browse the repository at this point in the history
Fixes: #56512
PR-URL: #56559
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
santigimeno authored and Ceres6 committed Jan 13, 2025
1 parent 892386d commit 6e61361
Showing 2 changed files with 18 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/crypto/crypto_random.cc
Original file line number Diff line number Diff line change
@@ -176,6 +176,11 @@ Maybe<void> CheckPrimeTraits::AdditionalConfig(
ArrayBufferOrViewContents<unsigned char> candidate(args[offset]);

params->candidate = BignumPointer(candidate.data(), candidate.size());
if (!params->candidate) {
ThrowCryptoError(
Environment::GetCurrent(args), ERR_get_error(), "BignumPointer");
return Nothing<void>();
}

CHECK(args[offset + 1]->IsInt32()); // Checks
params->checks = args[offset + 1].As<Int32>()->Value();
13 changes: 13 additions & 0 deletions test/parallel/test-crypto-prime.js
Original file line number Diff line number Diff line change
@@ -254,6 +254,19 @@ for (const checks of [-(2 ** 31), -1, 2 ** 31, 2 ** 32 - 1, 2 ** 32, 2 ** 50]) {
});
}

{
const bytes = Buffer.alloc(67108864);
bytes[0] = 0x1;
assert.throws(() => checkPrime(bytes, common.mustNotCall()), {
code: 'ERR_OSSL_BN_BIGNUM_TOO_LONG',
message: /bignum too long/
});
assert.throws(() => checkPrimeSync(bytes), {
code: 'ERR_OSSL_BN_BIGNUM_TOO_LONG',
message: /bignum too long/
});
}

assert(!checkPrimeSync(Buffer.from([0x1])));
assert(checkPrimeSync(Buffer.from([0x2])));
assert(checkPrimeSync(Buffer.from([0x3])));

0 comments on commit 6e61361

Please sign in to comment.