Browse Source

crypto: check randomBytes() size argument

Throw a TypeError if size > 0x3fffffff. Avoids the following V8 fatal
error:

  FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
  length exceeds max acceptable value

Fixes #5126.
v0.10.2-release
Ben Noordhuis 12 years ago
parent
commit
628bd81afb
  1. 8
      src/node_crypto.cc
  2. 6
      test/simple/test-crypto-random.js

8
src/node_crypto.cc

@ -3930,11 +3930,13 @@ Handle<Value> RandomBytes(const Arguments& args) {
// maybe allow a buffer to write to? cuts down on object creation
// when generating random data in a loop
if (!args[0]->IsUint32()) {
Local<String> s = String::New("Argument #1 must be number > 0");
return ThrowException(Exception::TypeError(s));
return ThrowTypeError("Argument #1 must be number > 0");
}
const size_t size = args[0]->Uint32Value();
const uint32_t size = args[0]->Uint32Value();
if (size > Buffer::kMaxLength) {
return ThrowTypeError("size > Buffer::kMaxLength");
}
RandomBytesRequest* req = new RandomBytesRequest();
req->error_ = 0;

6
test/simple/test-crypto-random.js

@ -70,3 +70,9 @@ function checkCall(cb, desc) {
return called_ = true, cb.apply(cb, Array.prototype.slice.call(arguments));
};
}
// #5126, "FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData()
// length exceeds max acceptable value"
assert.throws(function() {
crypto.randomBytes(0x3fffffff + 1);
}, TypeError);

Loading…
Cancel
Save