fix(crypto) fix setAAD undefined checks (#18905)

2026-02-09 10:28:47 +00:00 · 2025-04-09 16:50:08 -07:00
parent 8c7c42055b
commit 4ccf5c03dc
2 changed files with 27 additions and 8 deletions
--- a/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp
+++ b/src/bun.js/bindings/node/crypto/JSCipherPrototype.cpp
@@ -323,18 +323,20 @@ JSC_DEFINE_HOST_FUNCTION(jsCipherSetAAD, (JSC::JSGlobalObject * globalObject, JS
        encodingValue = optionsValue.get(globalObject, Identifier::fromString(vm, "encoding"_s));
        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));

-        V::validateString(scope, globalObject, encodingValue, "options.encoding"_s);
-        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        if (!encodingValue.isUndefinedOrNull()) {
+            V::validateString(scope, globalObject, encodingValue, "options.encoding"_s);
+            RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        }

        JSValue plaintextLengthValue = optionsValue.get(globalObject, Identifier::fromString(vm, "plaintextLength"_s));
        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
+        if (!plaintextLengthValue.isUndefinedOrNull()) {
+            std::optional<int32_t> maybePlaintextLength = plaintextLengthValue.tryGetAsInt32();
+            if (!maybePlaintextLength || *maybePlaintextLength < 0) {
+                return ERR::INVALID_ARG_VALUE(scope, globalObject, "options.plaintextLength"_s, plaintextLengthValue);
+            }

-        double plaintextLengthNumber = plaintextLengthValue.toNumber(globalObject);
-        RETURN_IF_EXCEPTION(scope, JSValue::encode({}));
-
-        plaintextLength = JSC::toInt32(plaintextLengthNumber);
-        if (plaintextLengthNumber != plaintextLength) {
-            return ERR::INVALID_ARG_VALUE(scope, globalObject, "options.plaintextLength"_s, plaintextLengthValue);
+            plaintextLength = *maybePlaintextLength;
        }
    }

--- a/test/js/node/crypto/node-crypto.test.js
+++ b/test/js/node/crypto/node-crypto.test.js
@@ -695,3 +695,20 @@ it("verifyError should not be on the prototype of DiffieHellman and DiffieHellma
  // DH_generate_parameters_ex
  expect(dhg.verifyError).toBe(8);
 });
+it("cipher.setAAD should not throw if encoding or plaintextLength is undefined #18700", () => {
+  const key = crypto.randomBytes(32);
+  const iv = crypto.randomBytes(16);
+  expect(() => {
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    cipher.setAAD("0123456789abcdef0123456789abcdef", {
+      encoding: undefined,
+    });
+  }).not.toThrow();
+
+  expect(() => {
+    const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
+    cipher.setAAD("0123456789abcdef0123456789abcdef", {
+      plaintextLength: undefined,
+    });
+  }).not.toThrow();
+});