projects
/
squeep-mystery-box
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
throw simpler errors on some invalid inputs
[squeep-mystery-box]
/
lib
/
mystery-box.js
diff --git
a/lib/mystery-box.js
b/lib/mystery-box.js
index be12245538fd966172e88b5f7266dd0a4d949a45..6198cc816484b406804cf4a4cdd3c84685bce60e 100644
(file)
--- a/
lib/mystery-box.js
+++ b/
lib/mystery-box.js
@@
-208,6
+208,10
@@
class MysteryBox {
end: 0,
};
end: 0,
};
+ if (!box) {
+ throw new RangeError('nothing to unpack');
+ }
+
const raw = Buffer.from(common.base64URLToBase64(box), 'base64');
let offset = 0;
const raw = Buffer.from(common.base64URLToBase64(box), 'base64');
let offset = 0;
@@
-219,6
+223,11
@@
class MysteryBox {
const v = this.versionParameters[version];
offset += v.versionBytes;
const v = this.versionParameters[version];
offset += v.versionBytes;
+ const minBytes = v.versionBytes + v.flagsBytes + v.ivBytes + v.saltBytes + v.tagBytes;
+ if (raw.length < minBytes) {
+ throw new RangeError('not enough to unpack');
+ }
+
const flags = raw.slice(offset, offset + v.flagsBytes).readUInt8(0);
offset += v.flagsBytes;
const flags = raw.slice(offset, offset + v.flagsBytes).readUInt8(0);
offset += v.flagsBytes;