From 7da7e9f0305bb1b29515b744087c64bf3429f4a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Sat, 14 Jul 2018 18:59:39 +0200
Subject: [PATCH 1/2] crypto: prevent Sign::SignFinal from crashing
The validation logic could be tricked into assuming an option was valid using malicious getters, leading to an invalid value being passed to the C++ layer, thus crashing the process.
---
 lib/internal/crypto/sig.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js
index b6f8ceb50186d1..60ad1fbb4a1bf4 100644
--- a/lib/internal/crypto/sig.js
+++ b/lib/internal/crypto/sig.js
@@ -57,8 +57,9 @@ function getSaltLength(options) {
 
 function getIntOption(name, defaultValue, options) {
 if (options.hasOwnProperty(name)) {
- if (options[name] === options[name] >> 0) {
- return options[name];
+ const value = options[name];
+ if (value === value >> 0) {
+ return value;
 } else {
 throw new ERR_INVALID_OPT_VALUE(name, options[name]);
 }
From 3625e22927b6fd5fbde438b364bd48b596d0f780 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?=
Date: Sun, 15 Jul 2018 15:03:23 +0200
Subject: [PATCH 2/2] fixup! crypto: prevent Sign::SignFinal from crashing
---
 lib/internal/crypto/sig.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/internal/crypto/sig.js b/lib/internal/crypto/sig.js
index 60ad1fbb4a1bf4..8aff7354735404 100644
--- a/lib/internal/crypto/sig.js
+++ b/lib/internal/crypto/sig.js
@@ -61,7 +61,7 @@ function getIntOption(name, defaultValue, options) {
 if (value === value >> 0) {
 return value;
 } else {
- throw new ERR_INVALID_OPT_VALUE(name, options[name]);
+ throw new ERR_INVALID_OPT_VALUE(name, value);
 }
 }
 return defaultValue;
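Review bot: The single read into `value` in the PATCH 1/2 hunk is the entire fix, but nothing in the new lines says so, and both diffstats list only lib/internal/crypto/sig.js, so the series appears to add no regression test. A comment above `const value = options[name];` such as `// Read once: an accessor may return a different value on each access.` would keep a later cleanup from reintroducing a second read between the check and the return. A test that passes an accessor-backed option and asserts that the call either succeeds or throws ERR_INVALID_OPT_VALUE, never aborting the process, would pin the behaviour. The `throw` in this hunk still re-reads `options[name]` (PATCH 2/2 changes it to `value`), and `options.hasOwnProperty(name)` on the context line is likewise resolved on the caller's object, where `Object.prototype.hasOwnProperty.call(options, name)` would not be. getIntOption's body continues past the end of the hunk.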