'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' results in an abort #32748

zyscoder · 2020-04-10T02:25:16Z

Version: v12.16.0
Platform: Linux vul337 4.15.0-91-generic new design of error handling #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: crypto

What steps will reproduce the bug?

Directly run the following code snippet using node:

require('crypto').createDiffieHellman('str', 3.14);

How often does it reproduce? Is there a required condition?

No. This potential bug can always be reproduced.

What is the expected behavior?

The second argument to 'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' should be a 'HexBase64Latin1Encoding' value as the encoding of the first argument, but we passed a float pointer value into it. The function should throw an exception or other similar error-reporting stuff rather than crash the whole nodejs process.

What do you see instead?

This is the stack dump produced during abort:

./node[36752]: ../src/util-inl.h:495:node::ArrayBufferViewContents<char, 64>::ArrayBufferViewContents(v8::Local<v8::Value>) [T = char, kStackStorageSize = 64]: Assertion `value->IsArrayBufferView()' failed.
 1: 0x13f9b30 node::Abort() [./node]
 2: 0x13f9709  [./node]
 3: 0x160c480 node::crypto::DiffieHellman::DiffieHellmanGroup(v8::FunctionCallbackInfo<v8::Value> const&) [./node]
 4: 0x17b379c v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [./node]
 5: 0x17b1c91  [./node]
 6: 0x17b104c  [./node]
 7: 0x2717a59  [./node]
[1]    36752 abort      ./node

Additional information

The text was updated successfully, but these errors were encountered:

hassaanp · 2020-04-10T04:30:20Z

@himself65 is this open to fix or will #32739 address this?

himself65 · 2020-04-10T04:34:10Z

Still open to fix, and I mentioned this issue in that PR because I think this bug could also be fixed in that PR, just need a little update.

hassaanp · 2020-04-10T04:37:23Z

Oh alright.

Validate the generator argument in `crypto.createDiffieHellman(key, g)`. When it's a number, it should be an int32. Fixes: nodejs#32748

Validate the generator argument in `crypto.createDiffieHellman(key, g)`. When it's a number, it should be an int32. Fixes: #32748 PR-URL: #32739 Fixes: #32738 Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Zeyu Yang <[email protected]> Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]>

himself65 added confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem. labels Apr 10, 2020

himself65 mentioned this issue Apr 10, 2020

crypto: reject non-int32 values in DiffieHellman() #32739

Closed

bnoordhuis added a commit to bnoordhuis/io.js that referenced this issue Apr 10, 2020

crypto: generator must be int32 in DiffieHellman()

a3d413a

Validate the generator argument in `crypto.createDiffieHellman(key, g)`. When it's a number, it should be an int32. Fixes: nodejs#32748

addaleax closed this as completed in 0694401 Apr 28, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' results in an abort #32748

'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' results in an abort #32748

zyscoder commented Apr 10, 2020

hassaanp commented Apr 10, 2020

himself65 commented Apr 10, 2020

hassaanp commented Apr 10, 2020

'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' results in an abort #32748

'crypto.createDiffieHellman(prime: string, prime_encoding: HexBase64Latin1Encoding)' results in an abort #32748

Comments

zyscoder commented Apr 10, 2020

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information

hassaanp commented Apr 10, 2020

himself65 commented Apr 10, 2020

hassaanp commented Apr 10, 2020