Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto: fix zero byte allocation assertion failure #25248

Closed
wants to merge 2 commits into from

Conversation

@tniessen
Copy link
Member

commented Dec 28, 2018

When an empty string was passed, malloc might have returned a nullptr depending on the platform, causing an assertion failure. This change makes private key parsing behave as public key parsing does, causing a BIO error instead that can be caught in JS.

I am pre-emptively labeling this security due to the simplicity of causing this failure. This currently only affects the most recent release, v11.6.0, and no other release should include #24234 without this fix.

Fixes: #25247

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
crypto: fix zero byte allocation assertion failure
When an empty string was passed, malloc might have returned a nullptr
depending on the platform, causing an assertion failure. This change
makes private key parsing behave as public key parsing does, causing
a BIO error instead that can be caught in JS.

Fixes: #25247
@tniessen

This comment has been minimized.

Copy link
Member Author

commented Dec 29, 2018

@addaleax

This comment has been minimized.

Copy link
Member

commented Dec 30, 2018

Landed in fe5b8dc

@addaleax addaleax closed this Dec 30, 2018

pull bot pushed a commit to SimenB/node that referenced this pull request Dec 30, 2018
crypto: fix zero byte allocation assertion failure
When an empty string was passed, malloc might have returned a nullptr
depending on the platform, causing an assertion failure. This change
makes private key parsing behave as public key parsing does, causing
a BIO error instead that can be caught in JS.

Fixes: nodejs#25247

PR-URL: nodejs#25248
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
targos added a commit that referenced this pull request Jan 1, 2019
crypto: fix zero byte allocation assertion failure
When an empty string was passed, malloc might have returned a nullptr
depending on the platform, causing an assertion failure. This change
makes private key parsing behave as public key parsing does, causing
a BIO error instead that can be caught in JS.

Fixes: #25247

PR-URL: #25248
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
refack added a commit to refack/node that referenced this pull request Jan 14, 2019
crypto: fix zero byte allocation assertion failure
When an empty string was passed, malloc might have returned a nullptr
depending on the platform, causing an assertion failure. This change
makes private key parsing behave as public key parsing does, causing
a BIO error instead that can be caught in JS.

Fixes: nodejs#25247

PR-URL: nodejs#25248
Reviewed-By: Ujjwal Sharma <usharma1998@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
@BridgeAR BridgeAR referenced this pull request Jan 16, 2019
@MylesBorins MylesBorins referenced this pull request Jan 24, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
6 participants
You can’t perform that action at this time.