elliptic
Comparing version 6.5.2 to 6.5.3
@@ -35,2 +35,8 @@ 'use strict'; | ||
var octetLen = initial & 0xf; | ||
// Indefinite length or overflow | ||
if (octetLen === 0 || octetLen > 4) { | ||
return false; | ||
} | ||
var val = 0; | ||
@@ -40,3 +46,10 @@ for (var i = 0, off = p.place; i < octetLen; i++, off++) { | ||
val |= buf[off]; | ||
val >>>= 0; | ||
} | ||
// Leading zeroes | ||
if (val <= 0x7f) { | ||
return false; | ||
} | ||
p.place = off; | ||
@@ -65,2 +78,5 @@ return val; | ||
var len = getLength(data, p); | ||
if (len === false) { | ||
return false; | ||
} | ||
if ((len + p.place) !== data.length) { | ||
@@ -73,2 +89,5 @@ return false; | ||
var rlen = getLength(data, p); | ||
if (rlen === false) { | ||
return false; | ||
} | ||
var r = data.slice(p.place, rlen + p.place); | ||
@@ -80,2 +99,5 @@ p.place += rlen; | ||
var slen = getLength(data, p); | ||
if (slen === false) { | ||
return false; | ||
} | ||
if (data.length !== slen + p.place) { | ||
@@ -85,7 +107,17 @@ return false; | ||
var s = data.slice(p.place, slen + p.place); | ||
if (r[0] === 0 && (r[1] & 0x80)) { | ||
r = r.slice(1); | ||
if (r[0] === 0) { | ||
if (r[1] & 0x80) { | ||
r = r.slice(1); | ||
} else { | ||
// Leading zeroes | ||
return false; | ||
} | ||
} | ||
if (s[0] === 0 && (s[1] & 0x80)) { | ||
s = s.slice(1); | ||
if (s[0] === 0) { | ||
if (s[1] & 0x80) { | ||
s = s.slice(1); | ||
} else { | ||
// Leading zeroes | ||
return false; | ||
} | ||
} | ||
@@ -92,0 +124,0 @@ |
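Review bot: The `// Leading zeroes` check in the second hunk (`if (val <= 0x7f)`) only rejects a long-form length whose value would fit the short form, so a multi-octet length whose first octet is zero can still pass. Assuming the loop shifts `val` left by 8 per octet (that line is outside the hunk), a constructed example such as `0x82 0x00 0x80` decodes to 0x80 and is accepted, which leaves more than one accepted encoding for the same signature. Rejecting a zero first length octet before the loop would close this, e.g. `if (buf[p.place] === 0x00) { return false; }` right after the `octetLen` range check. Separately, the unchanged `initial & 0xf` mask in the first hunk ignores bits 4–6 of the length byte, so 0x91 is handled like 0x81; masking with `0x7f` would let the `octetLen > 4` test reject such bytes. The enclosing functions start and end outside the visible hunks, so both points should be confirmed against the full file.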
{ | ||
"name": "elliptic", | ||
"version": "6.5.2", | ||
"version": "6.5.3", | ||
"description": "EC cryptography", | ||
@@ -5,0 +5,0 @@ "main": "lib/elliptic.js", |