fix: don't allow NaN/Infinity params

ricmoo · Aug 6, 2021 · c78d9ba · c78d9ba
1 parent 3f106c1
commit c78d9ba
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/scrypt.js b/scrypt.js
@@ -251,7 +251,7 @@
     }
 
     function ensureInteger(value, name) {
-        if (typeof(value) !== "number" || (value % 1)) { throw new Error('invalid ' + name); }
+        if (!Number.isInteger(value)) { throw new Error('invalid ' + name); }
         return value;
     }
 

diff --git a/test/test-scrypt.js b/test/test-scrypt.js
@@ -6,6 +6,20 @@ const scrypt = require('../scrypt.js');
 
 const testVectors = require('./test-vectors.json');
 
+for (const invalid of [NaN, Infinity, -Infinity, 0.5, null]) {
+  for (let i = 0; i < 4; i++) {
+    const password = Buffer.from('password');
+    const salt = Buffer.from('salt');
+    const argname = ['N', 'r', 'p', 'dkLen'][i];
+    const args = [16, 1, 1, 64];
+    args[i] = invalid;
+    it(`Test ${invalid} rejection ${i}`, () => assert.rejects(
+      () => scrypt.scrypt(password, salt, ...args, () => {}),
+      { message: `invalid ${argname}` }
+    ));
+  }
+}
+
 for (let i = 0; i < testVectors.length; i++) {
     const test = testVectors[i];