crypto: handle exceptions in hmac/hash.digest #12164
Add checks and regression test
- Loading branch information
commit 23f95ab393e519336cea4d514ee0bb49016fc7e1
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| 'use strict'; | ||
| const common = require('../common'); | ||
| const assert = require('assert'); | ||
| const execFile = require('child_process').execFile; | ||
|
|
||
| if (!common.hasCrypto) { | ||
| common.skip('missing crypto'); | ||
| return; | ||
| } | ||
|
|
||
| const setup = 'const enc = { toString: () => { throw new Error("xyz"); } };'; | ||
|
|
||
| const scripts = [ | ||
| 'crypto.createHash("sha256").digest(enc)', | ||
| 'crypto.createHmac("sha256", "msg").digest(enc)' | ||
| ]; | ||
|
Member
There was a problem hiding this comment. Adding the code in a
Member
Author
There was a problem hiding this comment. Do you mean adding the code as a JSON file or do you mean a JS file which can then be executed within the spawned node process? We are talking about two lines of code here...
Member
There was a problem hiding this comment. Yes, the latter. I'm fine with this the way it is, I'd just generally prefer a fixture. Feel free to ignore tho :-)
Member
Author
There was a problem hiding this comment. Mhhh I think I will keep it this way unless someone expresses a strong opposing opinion, but thank you for your feedback :) |
||
|
|
||
| scripts.forEach((script) => { | ||
| const node = process.execPath; | ||
| const code = setup + ';' + script; | ||
| execFile(node, [ '-e', code ], common.mustCall((err, stdout, stderr) => { | ||
| assert(stderr.includes('Error: xyz'), 'digest crashes'); | ||
| })); | ||
| }); | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe leave a
CHECK(args[i]->IsString());line before theParseEncodingcalls?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I remember correctly, most functions just ignore invalid encoding values and use the default value instead. Currently, we are forcing the conversion to a string, but just because it is a string doesn't make it a valid encoding value. Adding a
CHECKshouldn't do any harm, until we decide to finally drop support fortoString()for consistency with other APIs. However, if we do not add a chack and the parameter is not a string (which won't happen now, but might as soon as we decide to drop support fortoString()), there won't be any problems, the value will be ignored (ParseEncodingwill return instantly).The above only applies to
hmacandhash. Forsignandverify, the encoding parameter seems to always benull, so theCHECKwould fail, right?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tniessen Still, if we drop
toString()support it’s easy to just drop the checks again. (Likewise, it would be good if you included the test you said you had prepared in this PR – it’s easy to change things later, but for now it’s best to test the current behaviour.)It looks that way, yes… maybe you could fix that up and drop the unused code bits? That also simplifies
SignFinal(), right now theStringBytes::Encode()encode call there seems like a completely unnecessary extra copy operation.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@addaleax You are right, I will add the
CHECKs and add the regression test.Is it okay to do that in a separate PR or will that create too much organizational overhead?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That’s your call… you can also maintain multiple commits in a single PR, which may or may not be easier for you. :) I don’t think there are other open pull requests for this code that would generate merge conflicts, and everything we talked about (except maybe dropping
toString()support) semver-patch.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I will create a separate PR after this gets merged to avoid conflicts and keep it simple, thank you for your support :)