
Commit 8647803

committed
6.5.3
1 parent 856fe4d commit 8647803


4 files changed

+41
-9
lines changed


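--- a/dist/elliptic.js
+++ b/dist/elliptic.js
@@ -2560,11 +2560,24 @@ function getLength(buf, p) {
 return initial;
 }
 var octetLen = initial & 0xf;
+
+// Indefinite length or overflow
+if (octetLen === 0 || octetLen > 4) {
+return false;
+}
+
 var val = 0;
 for (var i = 0, off = p.place; i < octetLen; i++, off++) {
 val <<= 8;
 val |= buf[off];
+val >>>= 0;
 }
+
+// Leading zeroes
+if (val <= 0x7f) {
+return false;
+}
+
 p.place = off;
 return val;
 }
@@ -2588,28 +2601,47 @@ Signature.prototype._importDER = function _importDER(data, enc) {
 return false;
 }
 var len = getLength(data, p);
+if (len === false) {
+return false;
+}
 if ((len + p.place) !== data.length) {
 return false;
 }
 if (data[p.place++] !== 0x02) {
 return false;
 }
 var rlen = getLength(data, p);
+if (rlen === false) {
+return false;
+}
 var r = data.slice(p.place, rlen + p.place);
 p.place += rlen;
 if (data[p.place++] !== 0x02) {
 return false;
 }
 var slen = getLength(data, p);
+if (slen === false) {
+return false;
+}
 if (data.length !== slen + p.place) {
 return false;
 }
 var s = data.slice(p.place, slen + p.place);
-if (r[0] === 0 && (r[1] & 0x80)) {
-r = r.slice(1);
+if (r[0] === 0) {
+if (r[1] & 0x80) {
+r = r.slice(1);
+} else {
+// Leading zeroes
+return false;
+}
 }
-if (s[0] === 0 && (s[1] & 0x80)) {
-s = s.slice(1);
+if (s[0] === 0) {
+if (s[1] & 0x80) {
+s = s.slice(1);
+} else {
+// Leading zeroes
+return false;
+}
 }
 
 this.r = new BN(r);
@@ -8798,7 +8830,7 @@ utils.encode = function encode(arr, enc) {
 },{}],35:[function(require,module,exports){
 module.exports={
 "name": "elliptic",
-"version": "6.5.2",
+"version": "6.5.3",
 "description": "EC cryptography",
 "main": "lib/elliptic.js",
 "files": [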
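Review bot: The added strictness checks still accept two non-canonical encodings, one in `getLength` and one in `_importDER`. In `getLength`, a long-form length whose first length octet is zero (constructed example: `0x82 0x00 0x80`) produces a value above 0x7f and so passes the `val <= 0x7f` test; `if (buf[p.place] === 0x00) return false;` before the loop would reject it. In `_importDER`, an INTEGER whose first content byte has the high bit set (negative in DER), or whose length is zero, still appears to reach `new BN(r)` / `new BN(s)` as a non-negative value; a guard such as `if (rlen === 0 || (data[p.place] & 0x80)) return false;` after the `rlen` read, and the same for `slen`, would close that. This matters wherever signature bytes are hashed or compared as an identifier, because more than one encoding then parses to the same (r, s). Both functions start outside the hunks and `_importDER` continues past the second one; since this file is a built bundle, the change belongs in the module it is generated from, together with a test vector for each rejected form.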

dist/elliptic.min.js

Lines changed: 2 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package-lock.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

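--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "elliptic",
-"version": "6.5.2",
+"version": "6.5.3",
 "description": "EC cryptography",
 "main": "lib/elliptic.js",
 "files": [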
