Skip to content

crypto: reduce range of size to int max

Rodrigo Muino Tomonari requested to merge github/fork/Ayase-252/fix/38390 into master

Background

A bump of max length of Buffer to 2 ** 32 - 1(https://bugs.chromium.org/p/v8/issues/detail?id=4153#c66) breaks validation of sizeargument of randomBytes. When passing a over-large size like 2 * 31), it causes abort in v14 as described in #38090 (closed).

Impact of the PR

For v15, the overlarge size is catched in C++ code, and an Error will throw currently:

Welcome to Node.js v15.12.0.
Type ".help" for more information.
> crypto.randomBytes(2147483648)
Uncaught RangeError: buffer is too large
    at randomFillSync (node:internal/crypto/random:128:15)
    at Object.randomBytes (node:internal/crypto/random:96:5) {
  code: 'ERR_OUT_OF_RANGE'

After the PR, an JS-level Error will throw:

> crypto.randomBytes(2147483648)
Uncaught:
RangeError [ERR_OUT_OF_RANGE]: The value of "size" is out of range. It must be >= 0 && <= 2147483647. Received 2147483648
    at new NodeError (node:internal/errors:349:5)
    at assertSize (node:internal/crypto/random:80:11)
    at Object.randomBytes (node:internal/crypto/random:93:10)
    at REPL1:1:8
    at Script.runInThisContext (node:vm:131:12)
    at REPLServer.defaultEval (node:repl:522:29)
    at bound (node:domain:416:15)
    at REPLServer.runBound [as eval] (node:domain:427:12)
    at REPLServer.onLine (node:repl:844:10)
    at REPLServer.emit (node:events:381:22) {
  code: 'ERR_OUT_OF_RANGE'
}

For v14, executing crypto.randomBytes(2147483648) will abort immediately

Welcome to Node.js v14.16.0.
Type ".help" for more information.
>  crypto.randomBytes(2147483648)
[1]    96221 segmentation fault  node

If this PR is backported successfully, it will throw the same Error described above instead of abort.

Refs: #38090 (closed)

Merge request reports