Skip to content
This repository has been archived by the owner on Apr 3, 2019. It is now read-only.

Commit

Permalink
Don't mutate the elliptic curve prototype with get* additions
Browse files Browse the repository at this point in the history 
Point's prototype is set to the prototype of ec('secp256k1').curve.point(), which means mutation to it is shared across users of 'elliptic' via the in-memory representation of those objects.

This is not generally a problem, for example, with `validate` it's a simple set, so the greatest risk is that it will be directly overwritten.

But in the case of `getX` and `getY`, both methods are overwritten with others that depend on the prior implementation as stored in `_get*`. If this happens twice, then the implementation of `_getX` is replaced with something that depends on a call to `_getX`, and the callers is stuck in an infinite loop.
  • Loading branch information
@Empact
Empact committed May 3, 2018
1 parent 8658360 commit b974625
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 8 deletions.
8 changes: 4 additions & 4 deletions bitcore-lib.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2084,27 +2084,27 @@ Point.getN = function getN() {
return new BN(ec.curve.n.toArray());
};

Point.prototype._getX = Point.prototype.getX;
Point._getX = Point.prototype.getX;

/**
*
* Will return the X coordinate of the Point
*
* @returns {BN} A BN instance of the X coordinate
*/
Point.prototype.getX = function getX() {
Point.getX = function getX() {
return new BN(this._getX().toArray());
};

Point.prototype._getY = Point.prototype.getY;
Point._getY = Point.prototype.getY;

/**
*
* Will return the Y coordinate of the Point
*
* @returns {BN} A BN instance of the Y coordinate
*/
Point.prototype.getY = function getY() {
Point.getY = function getY() {
return new BN(this._getY().toArray());
};

Expand Down
8 changes: 4 additions & 4 deletions lib/crypto/point.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,27 +73,27 @@ Point.getN = function getN() {
return new BN(ec.curve.n.toArray());
};

Point.prototype._getX = Point.prototype.getX;
Point._getX = Point.prototype.getX;

/**
*
* Will return the X coordinate of the Point
*
* @returns {BN} A BN instance of the X coordinate
*/
Point.prototype.getX = function getX() {
Point.getX = function getX() {
return new BN(this._getX().toArray());
};

Point.prototype._getY = Point.prototype.getY;
Point._getY = Point.prototype.getY;

/**
*
* Will return the Y coordinate of the Point
*
* @returns {BN} A BN instance of the Y coordinate
*/
Point.prototype.getY = function getY() {
Point.getY = function getY() {
return new BN(this._getY().toArray());
};

Expand Down

0 comments on commit b974625

Please sign in to comment.