Fix UAF caused by strInput being deallocated at the end of the if…

… block Observed behavior was that the crc function would return a random number for string input.
ludios · Jun 1, 2019 · d39bdd7 · d39bdd7
1 parent 1b79bb4
commit d39bdd7
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/src/crc32c.cpp b/src/crc32c.cpp
@@ -54,15 +54,15 @@ Napi::Value sse42_crc(const Napi::CallbackInfo &info) {
     Napi::Buffer<char> data = info[0].As<Napi::Buffer<char>>();
     buf = (const char *)data.Data();
     len = (size_t)data.Length();
+    return Napi::Number::New(env, sse42_calculate(crc, buf, len));
   } else if (info[0].IsString()) {
     std::string strInput = info[0].As<Napi::String>().Utf8Value();
     buf = (const char *)strInput.c_str();
     len = (size_t)strInput.length();
+    return Napi::Number::New(env, sse42_calculate(crc, buf, len));
   } else {
     throw Napi::TypeError::New(env, "input is not a string/buffer!");
   }
-
-  return Napi::Number::New(env, sse42_calculate(crc, buf, len));
 }
 
 /**
@@ -94,15 +94,15 @@ Napi::Value table_crc(const Napi::CallbackInfo &info) {
     Napi::Buffer<char> data = info[0].As<Napi::Buffer<char>>();
     buf = (const char *)data.Data();
     len = (size_t)data.Length();
+    return Napi::Number::New(env, table_calculate(crc, buf, len));
   } else if (info[0].IsString()) {
     std::string strInput = info[0].As<Napi::String>().Utf8Value();
     buf = (const char *)strInput.c_str();
     len = (size_t)strInput.length();
+    return Napi::Number::New(env, table_calculate(crc, buf, len));
   } else {
     throw Napi::TypeError::New(env, "input is not a string/buffer!");
   }
-
-  return Napi::Number::New(env, table_calculate(crc, buf, len));
 }
 
 /**