From 4d96089f72fb2b604d48d3001a4a7bb16901fc25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?= <toberndo@yarkon.de>
Date: Thu, 27 Mar 2014 15:49:10 +0100
Subject: [PATCH] OP-01-001 Type confusion in crypto.random.RandomBuffer (Low)

---
 src/crypto/random.js | 15 ++++++++++++---
 src/worker/worker.js |  3 +++
 test/worker/api.js   | 10 +++++++---
 3 files changed, 22 insertions(+), 6 deletions(-)

diff --git a/src/crypto/random.js b/src/crypto/random.js
index be38c81d..1eab0a44 100644
--- a/src/crypto/random.js
+++ b/src/crypto/random.js
@@ -76,6 +76,9 @@ module.exports = {
    * @param {Uint8Array} buf
    */
   getRandomValues: function(buf) {
+    if (!(buf instanceof Uint8Array)) {
+      throw new Error('Invalid type: buf not an Uint8Array');
+    }
     if (typeof window !== 'undefined' && window.crypto) {
       window.crypto.getRandomValues(buf);
     } else if (nodeCrypto) {
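Review bot: The same three-line `instanceof Uint8Array` guard and message are pasted here and again in `RandomBuffer.prototype.set` and `RandomBuffer.prototype.get` later in this file, so the check and its wording can drift apart when one copy is edited. A small module-private helper would keep them in step, e.g. `function assertUint8Array(buf) { if (!(buf instanceof Uint8Array)) { throw new Error('Invalid type: buf not an Uint8Array'); } }`, called as the first statement of each method. The doc comment above `getRandomValues` should also gain `@throws {Error} if buf is not a Uint8Array`, since callers now have to expect it. The function body continues outside this hunk.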
@@ -142,18 +145,21 @@ function RandomBuffer() {
  * @param  {Integer} size size of buffer
  */
 RandomBuffer.prototype.init = function(size) {
-  this.buffer = new Uint32Array(size);
+  this.buffer = new Uint8Array(size);
   this.size = 0;
 };
 
 /**
  * Concat array of secure random numbers to buffer
- * @param {Uint32Array} buf
+ * @param {Uint8Array} buf
  */
 RandomBuffer.prototype.set = function(buf) {
   if (!this.buffer) {
     throw new Error('RandomBuffer is not initialized');
   }
+  if (!(buf instanceof Uint8Array)) {
+    throw new Error('Invalid type: buf not an Uint8Array');
+  }
   var freeSpace = this.buffer.length - this.size;
   if (buf.length > freeSpace) {
     buf = buf.subarray(0, freeSpace);
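Review bot: The doc comment on `init` still reads only "size of buffer", and after the switch from Uint32Array to Uint8Array the unit is worth stating: `@param {Integer} size size of buffer in bytes`. The comment on `set` could likewise say that it throws when `buf` is not a Uint8Array and that bytes beyond the free space are dropped silently by the `subarray` call, because a caller seeding the pool otherwise has no way to know part of its input was discarded. The body of `set` continues past the end of this hunk.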
@@ -164,12 +170,15 @@ RandomBuffer.prototype.set = function(buf) {
 
 /**
  * Take numbers out of buffer and copy to array
- * @param {Uint32Array} buf the destination array
+ * @param {Uint8Array} buf the destination array
  */
 RandomBuffer.prototype.get = function(buf) {
   if (!this.buffer) {
     throw new Error('RandomBuffer is not initialized');
   }
+  if (!(buf instanceof Uint8Array)) {
+    throw new Error('Invalid type: buf not an Uint8Array');
+  }
   if (this.size < buf.length) {
     throw new Error('Random number buffer depleted.')
   }
diff --git a/src/worker/worker.js b/src/worker/worker.js
index f3180251..68e7d628 100644
--- a/src/worker/worker.js
+++ b/src/worker/worker.js
@@ -31,6 +31,9 @@ onmessage = function (event) {
       correct = false;
   switch (msg.event) {
     case 'seed-random':
+      if (!(msg.buf instanceof Uint8Array)) {
+        msg.buf = new Uint8Array(msg.buf);
+      }
       window.openpgp.crypto.random.randomBuffer.set(msg.buf);
       break;
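Review bot: The fallback `new Uint8Array(msg.buf)` on the 'seed-random' branch converts any non-Uint8Array payload instead of rejecting it, which undoes the strictness the new guards in random.js add. A numeric `msg.buf` produces that many zero bytes and a missing one produces an empty array, so the worker's random buffer can be seeded with predictable data, or not seeded at all, without any error. If the conversion is only there because some browsers hand the worker an ArrayBuffer after postMessage (not visible in this diff), narrow it to that case with `if (msg.buf instanceof ArrayBuffer) { msg.buf = new Uint8Array(msg.buf); }` and let `set` throw for everything else. The onmessage handler starts and ends outside this hunk.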
     case 'encrypt-message':
diff --git a/test/worker/api.js b/test/worker/api.js
index b1d2a352..21a6e3c3 100644
--- a/test/worker/api.js
+++ b/test/worker/api.js
@@ -509,6 +509,8 @@ describe('Random Buffer', function() {
   it('Set Method', function () {
     randomBuffer.init(5);
     var buf = new Uint32Array(2);
+    expect(randomBuffer.set.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
+    buf = new Uint8Array(2);
     buf[0] = 1; buf[1] = 2;
     randomBuffer.set(buf);
     expect(equal(randomBuffer.buffer, [1,2,0,0,0])).to.be.true;
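Review bot: The negative cases added in this file pass only a Uint32Array to `randomBuffer.set` and `randomBuffer.get`; the hunks shown contain no test for the new guard in `getRandomValues` or for the 'seed-random' conversion in worker.js. Cases with a plain array, a number and `undefined` would pin the rejection behaviour for the inputs most likely to arrive by mistake, for example `expect(randomBuffer.set.bind(randomBuffer, [1, 2])).to.throw('Invalid type: buf not an Uint8Array');`. The rest of this test file is outside the diff, so such coverage may already exist elsewhere.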
@@ -520,7 +522,7 @@ describe('Random Buffer', function() {
     expect(equal(randomBuffer.buffer, [1,2,1,2,1])).to.be.true;
     expect(randomBuffer.size).to.equal(5);
     randomBuffer.init(1);
-    var buf = new Uint32Array(2);
+    buf = new Uint8Array(2);
     buf[0] = 1; buf[1] = 2;
     randomBuffer.set(buf);
     expect(buf).to.to.have.property('0', 1);
@@ -529,10 +531,12 @@ describe('Random Buffer', function() {
 
   it('Get Method', function () {
     randomBuffer.init(5);
-    var buf = new Uint32Array(5);
+    var buf = new Uint8Array(5);
     buf[0] = 1; buf[1] = 2; buf[2] = 5; buf[3] = 7; buf[4] = 8;
     randomBuffer.set(buf);
-    var buf = new Uint32Array(2);
+    buf = new Uint32Array(2);
+    expect(randomBuffer.get.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
+    buf = new Uint8Array(2);
     randomBuffer.get(buf);
     expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
     expect(randomBuffer.size).to.equal(3);