details: https://github.com/nginx/njs/commit/b065b41142cdf059cc5ace9e3c2495c624b8aee1 branches: master commit: b065b41142cdf059cc5ace9e3c2495c624b8aee1 user: Dmitry Volyntsev <xei...@nginx.com> date: Wed, 12 Feb 2025 18:12:38 -0800 description: QuickJS: fixed key usage processing with invalid values in WebCrypto.
--- external/qjs_webcrypto_module.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/external/qjs_webcrypto_module.c b/external/qjs_webcrypto_module.c index cc654c0a..6e820887 100644 --- a/external/qjs_webcrypto_module.c +++ b/external/qjs_webcrypto_module.c @@ -4637,10 +4637,17 @@ qjs_key_usage(JSContext *cx, JSValue value, unsigned *mask) for (e = &qjs_webcrypto_usage[0]; e->name.length != 0; e++) { if (njs_strstr_eq(&s, &e->name)) { *mask |= e->value; - break; + goto done; } } + JS_ThrowTypeError(cx, "unknown key usage: \"%.*s\"", (int) s.length, + s.start); + JS_FreeCString(cx, (char *) s.start); + return JS_EXCEPTION; + +done: + JS_FreeCString(cx, (char *) s.start); } _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx-devel