Open eloquence opened 8 years ago
Are these the basic login cookies? Will test soon when I get a chance!
Yep, this happened with the Goodreads login & standard site cookies, logging in via Facebook. Thanks for taking a look!
This is a very old issue, but I see that the final.copy(decoded, decoded.length - 1) is still the same in the code base.
It's a long shot, but do you still have the code that can replicate this? If the buffer contains no data then I presume it's a bad entry, and all you were trying to do was skip it so that it didn't blow up everything else?
That feels like a reasonable approach, and I can't see much downside with it.
We could probably log out a warning too if this happens.
On decrypting cookies set by one particular site (Goodreads.com), I got the following error:
The offending line 59 is
final.copy(decoded, decoded.length - 1);
Changing it to
final.copy(decoded, decoded.length ? decoded.length - 1 : 0);
(no longer assuming that the target buffer contains data) fixed the issue for me, though I don't know if that's the best solution.
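
The failure and the guard discussed in this issue, as an added example that is not part of the thread and not the project's own code. `decoded` and `final` are constructed stand-ins for the Buffers a decipher would return, and `decodeAll` is a hypothetical helper that also records the warning suggested above.

```javascript
// Form quoted in the issue: assumes `decoded` holds at least one byte.
function mergeUnguarded(decoded, final) {
  final.copy(decoded, decoded.length - 1); // targetStart is -1 for an empty target
  return decoded;
}

// Form proposed in the issue: an empty target gets offset 0 instead of -1.
function mergeGuarded(decoded, final) {
  final.copy(decoded, decoded.length ? decoded.length - 1 : 0);
  return decoded;
}

// Hypothetical batch helper: one bad entry must not abort the other cookies.
function decodeAll(entries, merge) {
  const values = {};
  const warnings = [];
  for (const { name, decoded, final } of entries) {
    const out = merge(decoded, final);
    if (out.length === 0) {
      warnings.push(`cookie "${name}": empty decrypted value, skipped`);
      continue;
    }
    values[name] = out.toString('utf8');
  }
  return { values, warnings };
}

// Constructed sample entries; "empty" models a value that decrypts to nothing.
const sampleEntries = () => [
  { name: 'session', decoded: Buffer.from('abc123'), final: Buffer.alloc(0) },
  { name: 'empty', decoded: Buffer.alloc(0), final: Buffer.alloc(0) },
  { name: 'locale', decoded: Buffer.from('en'), final: Buffer.alloc(0) },
];

// Unguarded: the empty entry throws and the whole batch is lost.
function runUnguarded() {
  try {
    return decodeAll(sampleEntries(), mergeUnguarded);
  } catch (err) {
    return { threw: err instanceof RangeError };
  }
}

// Guarded: the empty entry is skipped with a warning, the rest decode.
function runGuarded() {
  return decodeAll(sampleEntries(), mergeGuarded);
}
```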