jsthemis: Add missing returns after errors (#999)

* jsthemis: Add missing returns after errors There were two places in the code with missing return statements after errors. As a result, if something in key generation goes wrong, the wrapper will segfault while trying to allocate huge vectors for the keys. It's interesting how these bugs remained unnoticed for such a long time (~4 years). This is because it's hard to make key pair generation fail. It works surprisingly well most of the time :) * Update changelog
cossacklabs · May 25, 2023 · be54e99 · be54e99
1 parent 0bd5aac
commit be54e99
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -23,6 +23,7 @@ _Code:_
 - **Node.js**
 
   - Node.js v8 is no longer supported ([#901](https://github.com/cossacklabs/themis/pull/901)).
+  - Fixed bug that leads to segfauls if key pair generation fails ([#999](https://github.com/cossacklabs/themis/pull/999))
 
 - **Python**
 

diff --git a/src/wrappers/themis/jsthemis/secure_keygen.cpp b/src/wrappers/themis/jsthemis/secure_keygen.cpp
@@ -92,13 +92,15 @@ void KeyPair::New(const Nan::FunctionCallbackInfo<v8::Value>& args)
             if (status != THEMIS_BUFFER_TOO_SMALL) {
                 ThrowError("Key Pair generation failed", status);
                 args.GetReturnValue().SetUndefined();
+                return;
             }
             std::vector<uint8_t> prk(private_key_length);
             std::vector<uint8_t> puk(public_key_length);
             status = themis_gen_ec_key_pair(&prk[0], &private_key_length, &puk[0], &public_key_length);
             if (status != THEMIS_SUCCESS) {
                 ThrowError("Key Pair generation failed", status);
                 args.GetReturnValue().SetUndefined();
+                return;
             }
             KeyPair* obj = new KeyPair(prk, puk);
             obj->Wrap(args.This());