From ef2d98fe11ffe467a31d2e30e3ae9738147b74e9 Mon Sep 17 00:00:00 2001
From: Yoshiya Hinosawa <stibium121@gmail.com>
Date: Wed, 11 Sep 2024 13:27:07 +0900
Subject: fix(ext/node): validate input lengths in `Cipheriv` and `Decipheriv`
 (#25570)

addresses the first part of #25279
---
 ext/node/ops/crypto/cipher.rs | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'ext/node/ops/crypto/cipher.rs')

diff --git a/ext/node/ops/crypto/cipher.rs b/ext/node/ops/crypto/cipher.rs
index 94bd5780e..b80aa33fe 100644
--- a/ext/node/ops/crypto/cipher.rs
+++ b/ext/node/ops/crypto/cipher.rs
@@ -4,6 +4,7 @@ use aes::cipher::block_padding::Pkcs7;
 use aes::cipher::BlockDecryptMut;
 use aes::cipher::BlockEncryptMut;
 use aes::cipher::KeyIvInit;
+use deno_core::error::range_error;
 use deno_core::error::type_error;
 use deno_core::error::AnyError;
 use deno_core::Resource;
@@ -157,6 +158,13 @@ impl Cipher {
         Aes256Gcm(Box::new(cipher))
       }
       "aes256" | "aes-256-cbc" => {
+        if key.len() != 32 {
+          return Err(range_error("Invalid key length"));
+        }
+        if iv.len() != 16 {
+          return Err(type_error("Invalid initialization vector"));
+        }
+
         Aes256Cbc(Box::new(cbc::Encryptor::new(key.into(), iv.into())))
       }
       _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
@@ -346,6 +354,13 @@ impl Decipher {
         Aes256Gcm(Box::new(decipher))
       }
       "aes256" | "aes-256-cbc" => {
+        if key.len() != 32 {
+          return Err(range_error("Invalid key length"));
+        }
+        if iv.len() != 16 {
+          return Err(type_error("Invalid initialization vector"));
+        }
+
         Aes256Cbc(Box::new(cbc::Decryptor::new(key.into(), iv.into())))
       }
       _ => return Err(type_error(format!("Unknown cipher {algorithm_name}"))),
-- 
cgit v1.2.3