fix(package): security fix (#217)

* Update helper.js * Update pem.js * Update convert.js
Dexus · Oct 26, 2018 · bed1190 · bed1190
1 parent 68ad452
commit bed1190
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 23 deletions.
diff --git a/lib/convert.js b/lib/convert.js
@@ -169,8 +169,8 @@ module.exports.PEM2PFX = function (pathBundleIN, pathOUT, password, callback) {
     })
   }
   var delTempPWFiles = []
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
   openssl.spawnWrapper(params, false, function (error, code) {
     function done (error) {
       if (error) {
@@ -202,8 +202,8 @@ module.exports.PFX2PEM = function (pathIN, pathOUT, password, callback) {
     '-nodes'
   ]
   var delTempPWFiles = []
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
   openssl.spawnWrapper(params, false, function (error, code) {
     function done (error) {
       if (error) {
@@ -259,8 +259,8 @@ module.exports.P7B2PFX = function (pathBundleIN, pathOUT, password, callback) {
         })
       }
       var delTempPWFiles = [tmpfile]
-      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
-      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
+      helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'out' }, params, delTempPWFiles)
       openssl.spawnWrapper(params, false, function (error, code) {
         function done (error) {
           if (error) {

diff --git a/lib/helper.js b/lib/helper.js
@@ -66,14 +66,15 @@ var ciphers = module.exports.ciphers
  * @param {String} options.passType passType: can be in/out/word for passIN/passOUT/passWORD
  * @param {Boolean} options.mustPass mustPass is used when you need to set the pass like as "-password pass:" most needed when empty password
  * @param {Object} params params will be extended with the data that need for the openssl command. IS USED AS POINTER!
- * @param {String} PasswordFile PasswordFile is the filePath that later need to deleted, after the openssl command. IS USED AS POINTER!
+ * @param {String} PasswordFileArray PasswordFileArray is an array of filePaths that later need to deleted ,after the openssl command. IS USED AS POINTER!
  * @return {Boolean} result
  */
-module.exports.createPasswordFile = function (options, params, PasswordFile) {
-  if (!options || !options.hasOwnProperty('password') || !options.hasOwnProperty('passType') || !/^(word|in|out)$/.test(options.passType)) {
+module.exports.createPasswordFile = function (options, params, PasswordFileArray) {
+  if (!options || !options.hasOwnProperty('password') || !options.hasOwnProperty('passType') || !/^(word|in|out)$/.test(options.passType)) { 
     return false
-  }
-  PasswordFile = pathlib.join(tempDir, crypto.randomBytes(20).toString('hex'))
+  } 
+  var PasswordFile = pathlib.join(tempDir ,crypto.randomBytes(20).toString('hex')) 
+  PasswordFileArray.push(PasswordFile)
   options.password = options.password.trim()
   if (options.password === '') {
     options.mustPass = true

diff --git a/lib/pem.js b/lib/pem.js
@@ -69,7 +69,7 @@ function createPrivateKey (keyBitsize, options, callback) {
   var delTempPWFiles = []
 
   if (options && options.cipher && (Number(helper.ciphers.indexOf(options.cipher)) !== -1) && options.password) {
-    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.password, 'passType': 'out' }, params, delTempPWFiles)
   }
 
   params.push(keyBitsize)
@@ -263,7 +263,7 @@ function createCSR (options, callback) {
 
   var delTempPWFiles = []
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.exec(params, 'CERTIFICATE REQUEST', tmpfiles, function (sslErr, data) {
@@ -384,15 +384,15 @@ function createCertificate (options, callback) {
       }
     }
     if (options.serviceKeyPassword) {
-      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
     }
     tmpfiles.push(options.serviceCertificate)
     tmpfiles.push(options.serviceKey)
   } else {
     params.push('-signkey')
     params.push('--TMPFILE--')
     if (options.serviceKeyPassword) {
-      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+      helper.createPasswordFile({ 'cipher': '', 'password': options.serviceKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
     }
     tmpfiles.push(options.serviceKey)
   }
@@ -409,7 +409,7 @@ function createCertificate (options, callback) {
   }
 
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.exec(params, 'CERTIFICATE', tmpfiles, function (sslErr, data) {
@@ -558,7 +558,7 @@ function getModulus (certificate, password, hash, callback) {
   ]
   var delTempPWFiles = []
   if (password) {
-    helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
@@ -702,11 +702,11 @@ function createPkcs12 (key, certificate, password, options, callback) {
   if (options.cipher && options.clientKeyPassword) {
     // NOTICE: The password field is needed! self if it is empty.
     // create password file for the import "-passin"
-    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': options.cipher, 'password': options.clientKeyPassword, 'passType': 'in' }, params, delTempPWFiles)
   }
   // NOTICE: The password field is needed! self if it is empty.
   // create password file for the password "-password"
-  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': password, 'passType': 'word' }, params, delTempPWFiles)
 
   params.push('-in')
   params.push('--TMPFILE--')
@@ -756,15 +756,15 @@ function readPkcs12 (bufferOrPath, options, callback) {
   var delTempPWFiles = []
   var args = ['pkcs12', '-in', bufferOrPath]
 
-  helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': options.p12Password, 'passType': 'in' }, args, delTempPWFiles)
 
   if (Buffer.isBuffer(bufferOrPath)) {
     tmpfiles = [bufferOrPath]
     args[2] = '--TMPFILE--'
   }
 
   if (options.clientKeyPassword) {
-    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': options.clientKeyPassword, 'passType': 'out' }, args, delTempPWFiles)
   } else {
     args.push('-nodes')
   }
@@ -832,7 +832,7 @@ function checkCertificate (certificate, passphrase, callback) {
     params = ['x509', '-text', '-noout', '-in', '--TMPFILE--']
   }
   if (passphrase) {
-    helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles[delTempPWFiles.length])
+    helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, params, delTempPWFiles)
   }
 
   openssl.spawnWrapper(params, certificate, function (sslErr, code, stdout, stderr) {
@@ -875,7 +875,7 @@ function checkPkcs12 (bufferOrPath, passphrase, callback) {
   var delTempPWFiles = []
   var args = ['pkcs12', '-info', '-in', bufferOrPath, '-noout', '-maciter', '-nodes']
 
-  helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles[delTempPWFiles.length])
+  helper.createPasswordFile({ 'cipher': '', 'password': passphrase, 'passType': 'in' }, args, delTempPWFiles)
 
   if (Buffer.isBuffer(bufferOrPath)) {
     tmpfiles = [bufferOrPath]