
crypto: fix regression in randomFill/randomBytes #35135

Closed
wants to merge 4 commits into from

Conversation

@jasnell jasnell commented Sep 9, 2020

Fixes a segfault when a buffer larger than 2**31-1 is passed in to randomFill/randomFillSync or when a size larger than 2**31-1 is passed in to randomBytes.

I opened this one separately because we should decide if this is the way we want to handle this. This PR adds a throw if the size is larger than 2**31-1. Alternatively, we could allow larger values by splitting it into multiple calls to RAND_bytes. That said, I'd like to believe that asking for random values larger than 2**31-1 is going to be exceedingly rare (I'd really hope), so I think the throw is sufficient here.

Related to: #35132

Signed-off-by: James M Snell <jasnell@gmail.com>

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines

Fixes a segfault when a buffer larger than 2**31-1 is passed in
to randomFill/randomFillSync or when a size larger than 2**31-1
is passed in to randomBytes.

Signed-off-by: James M Snell <jasnell@gmail.com>
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. labels Sep 9, 2020
@nodejs-github-bot

Review requested:

  • @nodejs/crypto

@jasnell jasnell requested a review from addaleax September 9, 2020 21:54
@jasnell jasnell added the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Sep 9, 2020
@jasnell jasnell added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 9, 2020

@bnoordhuis bnoordhuis left a comment


Seems fine to me. Requesting more than a few kilobytes of randomness is already questionable (what do you need so much entropy for?), let alone 2 GB.

Co-authored-by: Denys Otrishko <shishugi@gmail.com>
@@ -2691,9 +2691,11 @@ changes:
description: The `buffer` argument may be any `TypedArray` or `DataView`.
-->

* `buffer` {Buffer|TypedArray|DataView} Must be supplied.
* `buffer` {Buffer|TypedArray|DataView} Must be supplied. The
size of the provided `buffer` must not be larger than `2**31 - 1`.

Ditto

Suggested change
size of the provided `buffer` must not be larger than `2**31 - 1`.
size of the provided `buffer` must be less or equal to `2**31 - 1`.


@Trott Trott Sep 16, 2020


FWIW, I think less than or equal to would be the way to go here and in the other three examples, but I'm not blocking. Whatever wording is used is fine by me. Can always be changed later.

Suggested change
size of the provided `buffer` must not be larger than `2**31 - 1`.
size of the provided `buffer` must be less than or equal to `2**31 - 1`.

* `offset` {number} **Default:** `0`
* `size` {number} **Default:** `buffer.length - offset`
* `size` {number} **Default:** `buffer.length - offset`. The `size`
must not be larger than `2**31 - 1`.
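Review bot: the new `buffer` and `size` sentences in this hunk state the `2**31 - 1` ceiling but not what happens when a caller exceeds it; since the PR now throws for such a request instead of letting it reach the native code, the doc entry should name the error that is thrown (with its error code, as the other crypto entries do) so callers know what to catch.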

Suggested change
must not be larger than `2**31 - 1`.
must be less or equal to `2**31 - 1`.

@@ -2737,9 +2739,11 @@ changes:
description: The `buffer` argument may be any `TypedArray` or `DataView`.
-->

* `buffer` {Buffer|TypedArray|DataView} Must be supplied.
* `buffer` {Buffer|TypedArray|DataView} Must be supplied. The size
of the provided `buffer` must not be larger than `2**31 - 1`.

Suggested change
of the provided `buffer` must not be larger than `2**31 - 1`.
of the provided `buffer` must be less or equal to `2**31 - 1`.

* `offset` {number} **Default:** `0`
* `size` {number} **Default:** `buffer.length - offset`
* `size` {number} **Default:** `buffer.length - offset`. The `size`
must not be larger than `2**31 - 1`.
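Review bot: the limit in this hunk is stated without a unit. `size` defaults to `buffer.length - offset`, and for a `TypedArray` `.length` counts elements rather than bytes, while the underlying `RAND_bytes` limit is on bytes; the `buffer` and `size` sentences should say whether `2**31 - 1` applies to `byteLength` or to elements so a `Float64Array` caller can tell which requests are rejected.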

Suggested change
must not be larger than `2**31 - 1`.
must be less or equal to `2**31 - 1`.

@Trott Trott removed the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Sep 13, 2020
@@ -5863,7 +5864,10 @@ void RandomBytes(const FunctionCallbackInfo<Value>& args) {
const uint32_t size = args[2].As<Uint32>()->Value();
CHECK_GE(offset + size, offset); // Overflow check.
CHECK_LE(offset + size, Buffer::Length(args[0])); // Bounds check.
Environment* env = Environment::GetCurrent(args);

if (size > INT_MAX)
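Review bot: the `size > INT_MAX` test at the end of this hunk is the right invariant for `RAND_bytes`, whose length parameter is a C `int`, but it sits after the `CHECK_GE` overflow check and `CHECK_LE` bounds check, so an out-of-range `offset`/`size` from a public API call still aborts the process via CHECK before this guard is reached. Validate `size` (and `offset + size`) in the JS layer and throw there, and keep the CHECKs here as assertions on already-validated input; with that in place the `size > INT_MAX` branch can itself become a `CHECK_LE(size, INT_MAX)`.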

Isn't it better to do proper validation in JS and only use CHECK_LE here?

jasnell commented Oct 8, 2020

#35093 landed that incorporated most of these changes.

@jasnell jasnell closed this Oct 8, 2020