fix(ext/node): don't panic on invalid utf-8 in pem (#24303)
lucacasonato authored Jun 21, 2024
1 parent 5683ca4 commit e6756c3
Showing 2 changed files with 38 additions and 4 deletions.
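--- a/ext/node/ops/crypto/mod.rs
+++ b/ext/node/ops/crypto/mod.rs
@@ -1493,8 +1493,13 @@ fn parse_private_key(
 ) -> Result<pkcs8::SecretDocument, AnyError> {
 match format {
 "pem" => {
-let (_, doc) =
-pkcs8::SecretDocument::from_pem(std::str::from_utf8(key).unwrap())?;
+let pem = std::str::from_utf8(key).map_err(|err| {
+type_error(format!(
+"Invalid PEM private key: not valid utf8 starting at byte {}",
+err.valid_up_to()
+))
+})?;
+let (_, doc) = pkcs8::SecretDocument::from_pem(pem)?;
 Ok(doc)
 }
 "der" => {
@@ -1600,8 +1605,13 @@ fn parse_public_key(
 ) -> Result<pkcs8::Document, AnyError> {
 match format {
 "pem" => {
-let (label, doc) =
-pkcs8::Document::from_pem(std::str::from_utf8(key).unwrap())?;
+let pem = std::str::from_utf8(key).map_err(|err| {
+type_error(format!(
+"Invalid PEM private key: not valid utf8 starting at byte {}",
+err.valid_up_to()
+))
+})?;
+let (label, doc) = pkcs8::Document::from_pem(pem)?;
 if label != "PUBLIC KEY" {
 return Err(type_error("Invalid PEM label"));
 }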
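Review bot: The new error in `parse_public_key` (second hunk) still reads "Invalid PEM private key", copied from `parse_private_key`, so a caller who passes a malformed public key gets a misleading diagnostic; change that line to `"Invalid PEM public key: not valid utf8 starting at byte {}",`. The added tests only match the substring "not valid utf8", so the wrong label goes unnoticed today and the corrected text will not break them. Reporting only `err.valid_up_to()` rather than echoing the offending bytes is worth keeping, since it keeps key material out of error text and logs. Both function bodies continue outside the hunks.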
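--- a/tests/unit_node/crypto/crypto_key_test.ts
+++ b/tests/unit_node/crypto/crypto_key_test.ts
@@ -415,3 +415,27 @@ Deno.test("generate rsa export public key", async function () {
 const der = publicKey.export({ format: "der", type: "spki" });
 assert(der instanceof Uint8Array);
 });
+
+Deno.test("create public key with invalid utf-8 string", function () {
+// This is an invalid UTF-8 string because it contains a lone utf-16 surrogate.
+const invalidPem = Buffer.from(new Uint8Array([0xE2, 0x28, 0xA1]));
+assertThrows(
+() => {
+createPublicKey(invalidPem);
+},
+Error,
+"not valid utf8",
+);
+});
+
+Deno.test("create private key with invalid utf-8 string", function () {
+// This is an invalid UTF-8 string because it contains a lone utf-16 surrogate.
+const invalidPem = Buffer.from(new Uint8Array([0xE2, 0x28, 0xA1]));
+assertThrows(
+() => {
+createPrivateKey(invalidPem);
+},
+Error,
+"not valid utf8",
+);
+});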
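Review bot: The comment above `invalidPem` in both new tests is inaccurate: `0xE2, 0x28, 0xA1` is invalid UTF-8 because 0xE2 opens a three-byte sequence and 0x28 is not a continuation byte, not because of a lone UTF-16 surrogate. Suggest `// Invalid UTF-8: 0xE2 starts a three-byte sequence but 0x28 is not a continuation byte.` in both places. Both tests also assert only the shared substring `"not valid utf8"`, so they cannot distinguish the public-key error path from the private-key one; matching on the key kind in the message would pin each path. An input with a valid ASCII prefix followed by the bad bytes would additionally cover a non-zero offset in the message.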
