From 43cc6bc9f313abc014271f75e8fdfd16dfd6c108 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Sat, 14 Jul 2018 18:59:39 +0200
Subject: [PATCH] crypto: prevent Sign::SignFinal from crashing
The validation logic could be tricked into assuming an option was valid using malicious getters, leading to an invalid value being passed to the C++ layer, thus crashing the process.
PR-URL: https://github.com/nodejs/node/pull/21815
Reviewed-By: Anna Henningsen
Reviewed-By: Tiancheng "Timothy" Gu
Reviewed-By: Ujjwal Sharma
---
 lib/internal/crypto/sig.js | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js
index b6f8ceb5018..8aff7354735 100644
--- a/lib/internal/crypto/sig.js
+++ b/lib/internal/crypto/sig.js
@@ -57,10 +57,11 @@ function getSaltLength(options) {
 function getIntOption(name, defaultValue, options) {
 if (options.hasOwnProperty(name)) {
- if (options[name] === options[name] >> 0) {
- return options[name];
+ const value = options[name];
+ if (value === value >> 0) {
+ return value;
 } else {
- throw new ERR_INVALID_OPT_VALUE(name, options[name]);
+ throw new ERR_INVALID_OPT_VALUE(name, value);
 }
 }
 return defaultValue;
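Review bot: The single read into `value` is the whole fix, but nothing at `const value = options[name];` says so, and a later cleanup could fold the lookup back into the comparison and the return. I would add a comment above that line: `// Read the option exactly once: an accessor may return a different value on each read, so the value that is validated must be the value that is returned.` The diffstat lists only lib/internal/crypto/sig.js, so the patch appears to carry no regression test; one that passes an options object whose property is an accessor and asserts that ERR_INVALID_OPT_VALUE is thrown would pin the behaviour. The `options.hasOwnProperty(name)` context line still dispatches through the caller-supplied object, so `Object.prototype.hasOwnProperty.call(options, name)` would be the more robust form for null-prototype or shadowing option objects. The closing brace of getIntOption lies outside the hunk.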