elliptic - npm Package Compare versions

Comparing version 6.5.2 to 6.5.3

lib/elliptic/ec/signature.js

@@ -35,2 +35,8 @@ 'use strict';
   var octetLen = initial & 0xf;
+
+  // Indefinite length or overflow
+  if (octetLen === 0 || octetLen > 4) {
+    return false;
+  }
+
   var val = 0;
@@ -40,3 +46,10 @@ for (var i = 0, off = p.place; i < octetLen; i++, off++) {
     val |= buf[off];
+    val >>>= 0;
   }
+
+  // Leading zeroes
+  if (val <= 0x7f) {
+    return false;
+  }
+
   p.place = off;
@@ -65,2 +78,5 @@ return val;
   var len = getLength(data, p);
+  if (len === false) {
+    return false;
+  }
   if ((len + p.place) !== data.length) {
@@ -73,2 +89,5 @@ return false;
   var rlen = getLength(data, p);
+  if (rlen === false) {
+    return false;
+  }
   var r = data.slice(p.place, rlen + p.place);
@@ -80,2 +99,5 @@ p.place += rlen;
   var slen = getLength(data, p);
+  if (slen === false) {
+    return false;
+  }
   if (data.length !== slen + p.place) {
@@ -85,7 +107,17 @@ return false;
   var s = data.slice(p.place, slen + p.place);
-  if (r[0] === 0 && (r[1] & 0x80)) {
-    r = r.slice(1);
+  if (r[0] === 0) {
+    if (r[1] & 0x80) {
+      r = r.slice(1);
+    } else {
+      // Leading zeroes
+      return false;
+    }
   }
-  if (s[0] === 0 && (s[1] & 0x80)) {
-    s = s.slice(1);
+  if (s[0] === 0) {
+    if (s[1] & 0x80) {
+      s = s.slice(1);
+    } else {
+      // Leading zeroes
+      return false;
+    }
   }
@@ -92,0 +124,0 @@

package.json

 {
   "name": "elliptic",
-  "version": "6.5.2",
+  "version": "6.5.3",
   "description": "EC cryptography",
@@ -5,0 +5,0 @@ "main": "lib/elliptic.js",

No alert changes

Improved metrics

Total package byte prevSize

118531

increased by0.39%

Lines of code

3393

increased by0.83%

No dependency changes