Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit dc384f9

Browse filesBrowse files
ndosscheaduh95
ndossche
authored and
aduh95
committed
crypto: fix handling of null BUF_MEM* in ToV8Value()
The assignment to `bptr` calls `BIO_get_mem_ptr` which can fail and leave the `bptr` as nullptr. This then later causes a null pointer deref. This is inconsistent with uses of the similar function `BIO_get_mem_data` that do check its return value, e.g. `node::crypto::X509sToArrayOfStrings()`. Solve it by checking for a null pointer and handling the `Nothing` return value at the call sites. PR-URL: #61885 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
1 parent 705bbd6 commit dc384f9
Copy full SHA for dc384f9

2 files changed

+14-1Lines changed: 14 additions & 1 deletion

File tree

Expand file treeCollapse file tree
Open diff view settings
Filter options
Expand file treeCollapse file tree
Open diff view settings
Collapse file

‎src/crypto/crypto_keys.cc‎

Copy file name to clipboardExpand all lines: src/crypto/crypto_keys.cc
+8-1Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -86,8 +86,15 @@ MaybeLocal<Value> ToV8Value(
8686
Environment* env,
8787
const BIOPointer& bio,
8888
const EVPKeyPointer::AsymmetricKeyEncodingConfig& config) {
89-
if (!bio) return {};
89+
if (!bio) {
90+
THROW_ERR_CRYPTO_OPERATION_FAILED(env, "Invalid BIO pointer");
91+
return {};
92+
}
9093
BUF_MEM* bptr = bio;
94+
if (!bptr) {
95+
THROW_ERR_CRYPTO_OPERATION_FAILED(env, "Unable to create BUF_MEM pointer");
96+
return {};
97+
}
9198
if (config.format == EVPKeyPointer::PKFormatType::PEM) {
9299
// PEM is an ASCII format, so we will return it as a string.
93100
return String::NewFromUtf8(
Collapse file

‎src/crypto/crypto_x509.cc‎

Copy file name to clipboardExpand all lines: src/crypto/crypto_x509.cc
+6Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,6 +106,8 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, BIOPointer&& bio) {
106106
if (!bio) [[unlikely]]
107107
return {};
108108
BUF_MEM* mem = bio;
109+
if (!mem) [[unlikely]]
110+
return {};
109111
Local<Value> ret;
110112
if (!String::NewFromUtf8(Isolate::GetCurrent(),
111113
mem->data,
@@ -120,6 +122,8 @@ MaybeLocal<Value> ToV8Value(Local<Context> context, const BIOPointer& bio) {
120122
if (!bio) [[unlikely]]
121123
return {};
122124
BUF_MEM* mem = bio;
125+
if (!mem) [[unlikely]]
126+
return {};
123127
Local<Value> ret;
124128
if (!String::NewFromUtf8(Isolate::GetCurrent(),
125129
mem->data,
@@ -134,6 +138,8 @@ MaybeLocal<Value> ToBuffer(Environment* env, BIOPointer* bio) {
134138
if (bio == nullptr || !*bio) [[unlikely]]
135139
return {};
136140
BUF_MEM* mem = *bio;
141+
if (!mem) [[unlikely]]
142+
return {};
137143
#ifdef V8_ENABLE_SANDBOX
138144
// If the v8 sandbox is enabled, then all array buffers must be allocated
139145
// via the isolate. External buffers are not allowed. So, instead of wrapping

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.