From 46ece20fe386ddf0d0d47e12b6f699483ec5a95c Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 19 Mar 2021 12:06:50 +0100 Subject: [PATCH] crypto: fix DiffieHellman argument validation Fixes: https://github.com/nodejs/node/issues/37808 PR-URL: https://github.com/nodejs/node/pull/37810 Reviewed-By: James M Snell Reviewed-By: Filip Skokan Reviewed-By: Darshan Sen Reviewed-By: Benjamin Gruenbaum --- lib/internal/crypto/diffiehellman.js | 14 +++++++++++--- test/parallel/test-crypto-dh.js | 6 ++++++ 2 files changed, 17 insertions(+), 3 deletions(-) diff --git a/lib/internal/crypto/diffiehellman.js b/lib/internal/crypto/diffiehellman.js index 8f86911757fe1f..752aabb04c9277 100644 --- a/lib/internal/crypto/diffiehellman.js +++ b/lib/internal/crypto/diffiehellman.js @@ -75,12 +75,20 @@ function DiffieHellman(sizeOrKey, keyEncoding, generator, genEncoding) { if (typeof sizeOrKey !== 'number') sizeOrKey = toBuf(sizeOrKey, keyEncoding); - if (!generator) + if (!generator) { generator = DH_GENERATOR; - else if (typeof generator === 'number') + } else if (typeof generator === 'number') { validateInt32(generator, 'generator'); - else + } else if (generator !== true) { generator = toBuf(generator, genEncoding); + } else { + throw new ERR_INVALID_ARG_TYPE( + 'generator', + ['number', 'string', 'ArrayBuffer', 'Buffer', 'TypedArray', 'DataView'], + generator + ); + } + this[kHandle] = new _DiffieHellman(sizeOrKey, generator); ObjectDefineProperty(this, 'verifyError', { diff --git a/test/parallel/test-crypto-dh.js b/test/parallel/test-crypto-dh.js index f51ffba042421a..8a5fd21eea511e 100644 --- a/test/parallel/test-crypto-dh.js +++ b/test/parallel/test-crypto-dh.js @@ -471,3 +471,9 @@ assert.throws( 'crypto.getDiffieHellman(\'modp1\').setPublicKey(\'\') ' + 'failed to throw the expected error.' ); +assert.throws( + () => crypto.createDiffieHellman('', true), + { + code: 'ERR_INVALID_ARG_TYPE' + } +);