search

bertrandom / chrome-cookies-secure

Extract encrypted Google Chrome cookies for a url on a Mac or Linux
https://www.npmjs.com/package/chrome-cookies-secure
MIT License
145 stars 51 forks source link

Decrypting some cookies results in RangeError #5

Open eloquence opened 8 years ago

eloquence commented 8 years ago

On decrypting cookies set by one particular site (Goodreads.com), I got the following error:

RangeError: out of range index at RangeError (native) at decrypt (node_modules/chrome-cookies-secure/index.js:59:8) at Statement.db.each.host (node_modules/chrome-cookies-secure/index.js:268:21)

The offending line 59 is final.copy(decoded, decoded.length - 1);. Changing it to final.copy(decoded, decoded.length ? decoded.length - 1 : 0); (no longer assuming that the target buffer contains data) fixed the issue for me, though I don't know if that's the best solution.

bertrandom commented 8 years ago

Are these the basic login cookies? Will test soon when I get a chance!

eloquence commented 8 years ago

Yep, this happened with the Goodreads login & standard site cookies, logging in via Facebook. Thanks for taking a look!

rubengmurray commented 3 months ago

This is a very old issue, but I see that the final.copy(decoded, decoded.length - 1) is still the same in the code base.

Here: https://github.com/bertrandom/chrome-cookies-secure/blob/8eeca6d405527327f30d95801ec048d38deaee1e/index.js#L42

It's a long-shot, but do you still have the code that can replicate this? If the buffer contains no data then I presume it's a bad entry, and all you were trying to do was skip it so that it didn't blow up everything else?

That feels like a reasonable approach, and I can't see much downside with it.

We could probably log out a warning too if this happens.