fix(node): mitigate denoland/deno#25279 (#412)
nyannyacha authored Sep 24, 2024
1 parent fbcd8c5 commit 41c7624
Showing 4 changed files with 31 additions and 16 deletions.
17 changes: 17 additions & 0 deletions crates/node/ops/crypto/cipher.rs
Expand Up @@ -4,6 +4,7 @@ use aes::cipher::block_padding::Pkcs7;
use aes::cipher::BlockDecryptMut;
use aes::cipher::BlockEncryptMut;
use aes::cipher::KeyIvInit;
use deno_core::error::range_error;
use deno_core::error::type_error;
use deno_core::error::AnyError;
use deno_core::Resource;
Expand Down Expand Up @@ -127,6 +128,14 @@ impl Cipher {
Aes256Gcm(Box::new(cipher))
}
"aes256" | "aes-256-cbc" => {
// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
if key.len() != 32 {
return Err(range_error("Invalid key length"));
}
if iv.len() != 16 {
return Err(type_error("Invalid initialization vector"));
}

Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
Expand Down Expand Up @@ -253,6 +262,14 @@ impl Decipher {
Aes256Gcm(Box::new(decipher))
}
"aes256" | "aes-256-cbc" => {
// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
if key.len() != 32 {
return Err(range_error("Invalid key length"));
}
if iv.len() != 16 {
return Err(type_error("Invalid initialization vector"));
}

Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
}
_ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
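Review bot: The length guard lands only on the `"aes256" | "aes-256-cbc"` arm of `Cipher::new` and `Decipher::new`, while the `key.into()` / `iv.into()` slice-to-array conversion it protects is a pattern the sibling arms may share. Those arms lie outside the visible hunks, so this needs confirming, but any arm that converts a caller-supplied slice without a prior length check can presumably still panic on a wrong-sized key or IV passed in from script code. Consider hoisting the two checks into one small helper that each arm calls with its expected sizes (illustrative name: `check_lengths(key, 32, iv, 16)?;`). That would also remove the block duplicated between the two impls.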
22 changes: 8 additions & 14 deletions crates/node/ops/crypto/mod.rs
Expand Up @@ -193,20 +193,17 @@ pub fn op_node_public_encrypt(
}
}

// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
#[op2(fast)]
#[smi]
pub fn op_node_create_cipheriv(
state: &mut OpState,
#[string] algorithm: &str,
#[buffer] key: &[u8],
#[buffer] iv: &[u8],
) -> u32 {
state
.resource_table
.add(match cipher::CipherContext::new(algorithm, key, iv) {
Ok(context) => context,
Err(_) => return 0,
})
) -> Result<u32, AnyError> {
let context = cipher::CipherContext::new(algorithm, key, iv)?;
Ok(state.resource_table.add(context))
}

#[op2(fast)]
Expand Down Expand Up @@ -252,20 +249,17 @@ pub fn op_node_cipheriv_final(
context.r#final(input, output)
}

// PATCH(denoland/deno#25570): Mitigates denoland/deno#25279
#[op2(fast)]
#[smi]
pub fn op_node_create_decipheriv(
state: &mut OpState,
#[string] algorithm: &str,
#[buffer] key: &[u8],
#[buffer] iv: &[u8],
) -> u32 {
state
.resource_table
.add(match cipher::DecipherContext::new(algorithm, key, iv) {
Ok(context) => context,
Err(_) => return 0,
})
) -> Result<u32, AnyError> {
let context = cipher::DecipherContext::new(algorithm, key, iv)?;
Ok(state.resource_table.add(context))
}

#[op2(fast)]
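Review bot: `op_node_create_cipheriv` and `op_node_create_decipheriv` switch from returning the sentinel `0` to returning `Err`, and no doc comment records that change of contract for callers. The polyfill hunks on this page do not show the call sites that consume the returned id, so it is worth confirming that no leftover check for `0` remains there as dead code. A short doc comment above each op would help, e.g. `/// Registers a new cipher context and returns its resource id; a failure in CipherContext::new is propagated as an error instead of the former 0 sentinel.`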
2 changes: 2 additions & 0 deletions crates/node/ops/http2.rs
Expand Up @@ -238,6 +238,7 @@ pub async fn op_http2_send_response(
}
for (name, value) in headers {
response.headers_mut().append(
// PATCH(denoland/deno#24780): Mitigates denoland/deno#24678
HeaderName::from_bytes(&name).unwrap(),
HeaderValue::from_bytes(&value).unwrap(),
);
Expand Down Expand Up @@ -308,6 +309,7 @@ pub async fn op_http2_client_request(

for (name, value) in headers {
req.headers_mut().unwrap().append(
// PATCH(denoland/deno#24780): Mitigates denoland/deno#24678
HeaderName::from_bytes(&name).unwrap(),
HeaderValue::from_bytes(&value).unwrap(),
);
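Review bot: Both loops still call `.unwrap()` on `HeaderName::from_bytes(&name)` and `HeaderValue::from_bytes(&value)`, so the added `PATCH(...)` comment marks a mitigation that is not visible on these lines. Going by the 2-additions count, the comments appear to be the only change in this file. If the actual fix lives elsewhere, the comment should say where, because as written a header name or value that fails validation would panic inside the op instead of being rejected. If these ops return a `Result` (their signatures are outside the hunks), prefer propagating the failure, e.g. `HeaderName::from_bytes(&name)?` and `HeaderValue::from_bytes(&value)?`. The `req.headers_mut().unwrap()` in `op_http2_client_request` deserves the same look.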
6 changes: 4 additions & 2 deletions crates/node/polyfills/internal/crypto/cipher.ts
Expand Up @@ -227,7 +227,8 @@ export class Cipheriv extends Transform implements Cipher {
): Buffer | string {
// TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
let buf = data;
if (typeof data === "string" && typeof inputEncoding === "string") {
// PATCH(denoland/deno#25571): Mitigates denoland/deno#25279
if (typeof data === "string") {
buf = Buffer.from(data, inputEncoding);
}

Expand Down Expand Up @@ -373,7 +374,8 @@ export class Decipheriv extends Transform implements Cipher {
): Buffer | string {
// TODO(kt3k): throw ERR_INVALID_ARG_TYPE if data is not string, Buffer, or ArrayBufferView
let buf = data;
if (typeof data === "string" && typeof inputEncoding === "string") {
// PATCH(denoland/deno#25571): Mitigates denoland/deno#25279
if (typeof data === "string") {
buf = Buffer.from(data, inputEncoding);
}
