daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

crypto: check randomBytes() size argument 

Throw a TypeError if size > 0x3fffffff. Avoids the following V8 fatal
error:

  FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
  length exceeds max acceptable value

Fixes #5126.
pull/24507/merge
Ben Noordhuis 2013-03-23 15:48:56 +01:00
parent 132c77e9f9
commit 628bd81afb
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/node_crypto.cc
View File

@ -3930,11 +3930,13 @@ Handle<Value> RandomBytes(const Arguments& args) {
// maybe allow a buffer to write to? cuts down on object creation // maybe allow a buffer to write to? cuts down on object creation
// when generating random data in a loop // when generating random data in a loop
if (!args[0]->IsUint32()) { if (!args[0]->IsUint32()) {
Local<String> s = String::New("Argument #1 must be number > 0"); return ThrowTypeError("Argument #1 must be number > 0");
return ThrowException(Exception::TypeError(s));
} }
const size_t size = args[0]->Uint32Value(); const uint32_t size = args[0]->Uint32Value();
if (size > Buffer::kMaxLength) {
return ThrowTypeError("size > Buffer::kMaxLength");
}
RandomBytesRequest* req = new RandomBytesRequest(); RandomBytesRequest* req = new RandomBytesRequest();
req->error_ = 0; req->error_ = 0;

6
test/simple/test-crypto-random.js
View File

@ -70,3 +70,9 @@ function checkCall(cb, desc) {
return called_ = true, cb.apply(cb, Array.prototype.slice.call(arguments)); return called_ = true, cb.apply(cb, Array.prototype.slice.call(arguments));
}; };
} }
// #5126, "FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
// length exceeds max acceptable value"
assert.throws(function() {
crypto.randomBytes(0x3fffffff + 1);
}, TypeError);