crypto: fix zero byte allocation assertion failure
When an empty string was passed, malloc might have returned a nullptr depending on the platform, causing an assertion failure. This change makes private key parsing behave as public key parsing does, causing a BIO error instead that can be caught in JS. Fixes: https://github.com/nodejs/node/issues/25247 PR-URL: https://github.com/nodejs/node/pull/25248 Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit is contained in:
parent
54fa59c8bf
commit
fe5b8dca40
@ -2696,7 +2696,7 @@ static bool IsSupportedAuthenticatedMode(const EVP_CIPHER_CTX* ctx) {
|
|||||||
template <typename T>
|
template <typename T>
|
||||||
static T* MallocOpenSSL(size_t count) {
|
static T* MallocOpenSSL(size_t count) {
|
||||||
void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
|
void* mem = OPENSSL_malloc(MultiplyWithOverflowCheck(count, sizeof(T)));
|
||||||
CHECK_NOT_NULL(mem);
|
CHECK_IMPLIES(mem == nullptr, count == 0);
|
||||||
return static_cast<T*>(mem);
|
return static_cast<T*>(mem);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2854,7 +2854,8 @@ static EVPKeyPointer ParsePrivateKey(const PrivateKeyEncodingConfig& config,
|
|||||||
|
|
||||||
if (config.format_ == kKeyFormatPEM) {
|
if (config.format_ == kKeyFormatPEM) {
|
||||||
BIOPointer bio(BIO_new_mem_buf(key, key_len));
|
BIOPointer bio(BIO_new_mem_buf(key, key_len));
|
||||||
CHECK(bio);
|
if (!bio)
|
||||||
|
return pkey;
|
||||||
|
|
||||||
char* pass = const_cast<char*>(config.passphrase_.get());
|
char* pass = const_cast<char*>(config.passphrase_.get());
|
||||||
pkey.reset(PEM_read_bio_PrivateKey(bio.get(),
|
pkey.reset(PEM_read_bio_PrivateKey(bio.get(),
|
||||||
@ -2869,7 +2870,8 @@ static EVPKeyPointer ParsePrivateKey(const PrivateKeyEncodingConfig& config,
|
|||||||
pkey.reset(d2i_PrivateKey(EVP_PKEY_RSA, nullptr, &p, key_len));
|
pkey.reset(d2i_PrivateKey(EVP_PKEY_RSA, nullptr, &p, key_len));
|
||||||
} else if (config.type_.ToChecked() == kKeyEncodingPKCS8) {
|
} else if (config.type_.ToChecked() == kKeyEncodingPKCS8) {
|
||||||
BIOPointer bio(BIO_new_mem_buf(key, key_len));
|
BIOPointer bio(BIO_new_mem_buf(key, key_len));
|
||||||
CHECK(bio);
|
if (!bio)
|
||||||
|
return pkey;
|
||||||
char* pass = const_cast<char*>(config.passphrase_.get());
|
char* pass = const_cast<char*>(config.passphrase_.get());
|
||||||
pkey.reset(d2i_PKCS8PrivateKey_bio(bio.get(),
|
pkey.reset(d2i_PKCS8PrivateKey_bio(bio.get(),
|
||||||
nullptr,
|
nullptr,
|
||||||
|
@ -105,3 +105,10 @@ const privatePem = fixtures.readSync('test_rsa_privkey.pem', 'ascii');
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
// This should not cause a crash: https://github.com/nodejs/node/issues/25247
|
||||||
|
assert.throws(() => {
|
||||||
|
createPrivateKey({ key: '' });
|
||||||
|
}, /null/);
|
||||||
|
}
|
||||||
|
Loading…
x
Reference in New Issue
Block a user