From 7189b3ed337484cbfeb7209bde2dae72c5bae743 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Sat, 2 Mar 2013 02:09:14 +0100 Subject: [PATCH] crypto: don't assert when calling Cipher#final() twice Remove the assert() that triggered when Cipher#final() or Decipher#final() was called twice. Fixes #4886. --- src/node_crypto.cc | 11 ++--------- test/simple/test-crypto.js | 13 +++++++++++++ 2 files changed, 15 insertions(+), 9 deletions(-) diff --git a/src/node_crypto.cc b/src/node_crypto.cc index 7e168b6f34..2b51455611 100644 --- a/src/node_crypto.cc +++ b/src/node_crypto.cc @@ -2301,11 +2301,7 @@ class Cipher : public ObjectWrap { int r = cipher->CipherFinal(&out_value, &out_len); - assert(out_value != NULL); - assert(out_len != -1 || r == 0); - - if (out_len == 0 || r == 0) { - // out_value always get allocated. + if (out_len <= 0 || r == 0) { delete[] out_value; if (r == 0) { Local exception = Exception::TypeError( @@ -2756,10 +2752,7 @@ class Decipher : public ObjectWrap { int r = cipher->DecipherFinal(&out_value, &out_len); - assert(out_value != NULL); - assert(out_len != -1); - - if (out_len == 0 || r == 0) { + if (out_len <= 0 || r == 0) { delete [] out_value; // allocated even if out_len == 0 if (r == 0) { Local exception = Exception::TypeError( diff --git a/test/simple/test-crypto.js b/test/simple/test-crypto.js index 535af760fa..7d6332d326 100644 --- a/test/simple/test-crypto.js +++ b/test/simple/test-crypto.js @@ -665,3 +665,16 @@ crypto.pbkdf2('pass\0word', 'sa\0lt', 4096, 16, function(err, result) { assert.throws(function() { crypto.pbkdf2('password', 'salt', 1, 20, null); }); + +// Calling Cipher.final() or Decipher.final() twice should error but +// not assert. See #4886. +(function() { + var c = crypto.createCipher('aes-256-cbc', 'secret'); + try { c.final('xxx') } catch (e) { /* Ignore. */ } + try { c.final('xxx') } catch (e) { /* Ignore. */ } + try { c.final('xxx') } catch (e) { /* Ignore. */ } + var d = crypto.createDecipher('aes-256-cbc', 'secret'); + try { d.final('xxx') } catch (e) { /* Ignore. */ } + try { d.final('xxx') } catch (e) { /* Ignore. */ } + try { d.final('xxx') } catch (e) { /* Ignore. */ } +})();