`crypto.pbkdf2Sync` results in an abort with some arguments

[zyscoder]

Version

v18.8.0

Platform

Linux zys-lab204l 5.15.0-46-generic #49~20.04.1-Ubuntu SMP Thu Aug 4 19:15:44 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Subsystem

crypto

What steps will reproduce the bug?

Setup a node instance,

$ node

and run the following javascript code.

crypto = require('crypto');crypto.pbkdf2Sync('str','str',2147485780,0,'str');

Then the node instance occurs an abort.

How often does it reproduce? Is there a required condition?

This abort can always be triggered following the steps above.

What is the expected behavior?

If any error occurs, an exception or other similar error-reporting stuff should be thrown. There is no reason to abort the whole node process.

What do you see instead?

 $ node                                            
Welcome to Node.js v18.8.0.
Type ".help" for more information.
> crypto = require('crypto');crypto.pbkdf2Sync('str','str',2147485780,0,'str');
/home/zys/Toolchains/node/out/Release/node[1177351]: ../src/crypto/crypto_pbkdf2.cc:88:static Maybe<bool> node::crypto::PBKDF2Traits::AdditionalConfig(node::crypto::CryptoJobMode, const FunctionCallbackInfo<v8::Value> &, unsigned int, node::crypto::PBKDF2Config *): Assertion `args[offset + 2]->IsInt32()' failed.
 1: 0x3a4188f node::DumpBacktrace(_IO_FILE*) [/home/zys/Toolchains/node/out/Release/node]
 2: 0x3c22cf4 node::Abort() [/home/zys/Toolchains/node/out/Release/node]
 3: 0x3c22665 node::Assert(node::AssertionInfo const&) [/home/zys/Toolchains/node/out/Release/node]
 4: 0x40306f5 node::crypto::PBKDF2Traits::AdditionalConfig(node::crypto::CryptoJobMode, v8::FunctionCallbackInfo<v8::Value> const&, unsigned int, node::crypto::PBKDF2Config*) [/home/zys/Toolchains/node/out/Release/node]
 5: 0x4115ad2 node::crypto::DeriveBitsJob<node::crypto::PBKDF2Traits>::New(v8::FunctionCallbackInfo<v8::Value> const&) [/home/zys/Toolchains/node/out/Release/node]
 6: 0x4307694 v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [/home/zys/Toolchains/node/out/Release/node]
 7: 0x4305840  [/home/zys/Toolchains/node/out/Release/node]
 8: 0x4304365 v8::internal::Builtin_HandleApiCall(int, unsigned long*, v8::internal::Isolate*) [/home/zys/Toolchains/node/out/Release/node]
 9: 0x61a9139  [/home/zys/Toolchains/node/out/Release/node]
[1]    1177351 abort (core dumped)  /home/zys/Toolchains/node/out/Release/node

Additional information

No response

[Trott]

@nodejs/crypto

[Trott]

Replicated on macOS too with Node.js 18.8.0 and Node.js 16.17.0.

This problem does not exist in Node.js 14.20.0 which throws a TypeError instead:

Uncaught TypeError [ERR_CRYPTO_INVALID_DIGEST]: Invalid digest: str
    at new NodeError (internal/errors.js:322:7)
    at handleError (internal/crypto/pbkdf2.js:68:11)
    at Object.pbkdf2Sync (internal/crypto/pbkdf2.js:48:3)
    at REPL1:1:35
    at Script.runInThisContext (vm.js:134:12)
    at REPLServer.defaultEval (repl.js:566:29)
    at bound (domain.js:421:15)
    at REPLServer.runBound [as eval] (domain.js:432:12)
    at REPLServer.onLine (repl.js:909:10)
    at REPLServer.emit (events.js:412:35) {
  code: 'ERR_CRYPTO_INVALID_DIGEST'
}

[Trott]

Node.js 15.0.0 also aborts, so perhaps looking at the 15.0.0 changelog might help identify which change likely resulted in this.

[Trott]

The two semver-major commits in 15.0.0 are dae283d96f and ba77dc8597 so maybe start with those?

@jasnell

[tniessen]

Sigh. This is why unsigned values should not be stored as signed integers.

#44575