crypto: reduce range of size to int max #38096
Should we rather allow buffer sizes as large as 2 ** 32 - 1 (for 64-bit platforms)?
@Ayase-252 Did you mean this in the PR description? - A bump of max length of Buffer to 2 ** 32
+ A bump of max length of Buffer to 2 ** 32 - 1 |
Yes, my mistake, I will edit in the OP too
Yes. It could be. But I don’t know find how
@Ayase-252 I think you referenced the wrong issue in the commit message.
Thanks! Commit message is amended.
For now, no. OpenSSL is still pretty limited here, using
Instead of
@RaisinTen I don't think this PR fixes #38090 until change is backported to v14 later. May it be more appropriate to use
Landed in 993ed19
Background
A bump of max length of Buffer to 2 ** 32 - 1 (https://bugs.chromium.org/p/v8/issues/detail?id=4153#c66) breaks validation of size argument of randomBytes. When passing an over-large size like 2 * 31), it causes abort in v14 as described in #38090.
Impact of the PR
For v15, the overlarge size is caught in C++ code, and an Error will throw currently:
After the PR, a JS-level Error will throw:
For v14, executing crypto.randomBytes(2147483648) will abort immediately.
If this PR is backported successfully, it will throw the same Error described above instead of abort.
Refs: #38090