- Version: 6.4.0 - 8.0.0
- Platform:
- Subsystem:
Both Hash's and Hmac's digest binding functions hard crash when given an object
that either defines a throwing getter or throwing toString. For example:
crypto.createHash('sha256').digest({ toString: () => { throw 'w00t'; }});and:
crypto.Hmac("sha256", "message").digest({ toString: () => { throw 'w00t'; }});both crash because they call ParseEncoding with an empty v8::Value:
ParseEncoding(env->isolate(),
args[0]->ToString(env->isolate()),
BUFFER);Internally, PraseEncoding calls encoding_v->IsString() without checking if
the value is Empty, hence the crash.
May be worth checking other callsites for ParseEncoding. The binding code for
verify.verify() calls ParseEncoding too, but the actual encoding argument
from JS land is never passed in. (This is similar to the unused code I
mentioend in #9817, but for sign().)
+@mlfbrown for joint work.
Both Hash's and Hmac's digest binding functions hard crash when given an object
that either defines a throwing getter or throwing
toString. For example:and:
both crash because they call
ParseEncodingwith an emptyv8::Value:Internally, PraseEncoding calls
encoding_v->IsString()without checking ifthe value is
Empty, hence the crash.May be worth checking other callsites for ParseEncoding. The binding code for
verify.verify()calls ParseEncoding too, but the actual encoding argumentfrom JS land is never passed in. (This is similar to the unused code I
mentioend in #9817, but for
sign().)+@mlfbrown for joint work.