crypto: check for valid iteration length in pbkdf2 #3173
Conversation
|
cc @nodejs/crypto |
src/node_crypto.cc
Outdated
| iter = args[2]->Int32Value(); | ||
| if (iter < 0) { | ||
| iter = args[2]->NumberValue(); | ||
| if (iter < 0 || isnan(iter) || isinf(iter)) { | ||
| type_error = "Bad iterations"; |
There was a problem hiding this comment.
I suppose the error could be more explanatory
There was a problem hiding this comment.
would bump this to a semver-major. let's do that in either a difference commit or PR so it can be backported.
|
Oh hey I'd given up on this, thanks for reviving! I'll check your suggestions and get back :) |
estliberitas
force-pushed
the
master
branch
2 times, most recently
from
7da4fd4
to
c7066fb
Compare
|
ping @johannhof :-) |
An iteration length of NaN or Infinity is currently silently coerced to 0, which is more or less undefined behaviour. This commit makes NaN and Infinity invalid iteration parameter values. We're doing the same checks for other parameters already, so it would make sense to be consistent here.
johannhof
force-pushed
the
pbkdf2-check-iterations
branch
from
3701251
to
3f25cfd
Compare
|
@nodejs/crypto sorry for the wait, ready for another review |
|
huh, can I not mention teams? then ping @jasnell @indutny @thefourtheye @trevnorris :) |
|
@johannhof ... Thanks! will take a look a bit later today! |
|
I wondering if it would be better for this check to be done in the JS instead. @nodejs/crypto |
rvagg
force-pushed
the
master
branch
2 times, most recently
from
c133999
to
83c7a88
Compare
jasnell
added
the
semver-major
|
@johannhof ... is this still something you'd like to pursue? |
|
Closing due to lack of forward progress. Can reopen and revisit if necessary |
An iteration length of NaN or Infinity is currently silently coerced to
0, which is more or less undefined behaviour. This commit makes NaN and
Infinity invalid iteration parameter values.
We're doing the same checks for other parameters already, so it would
make sense to be consistent here.