mrose17
commented
8 years ago resolved by https://github.com/brave/vault/pull/44
Closed diracdeltas closed 8 years ago
mrose17
commented
8 years ago resolved by https://github.com/brave/vault/pull/44
src/controllers/helper.js calls
Buffer(header.signature, 'hex'). If a malicious user supplies a number as the header signature, this method returnsheader.signaturebytes of uninitialized memory. While this is not a problem on its own, this could potentially lead to unintended memory disclosure (for instance, if we return an error to the user that includes the signature seen by the server).The same issue arises from
Buffer(user.publicKey)if the user-supplied public key isn't validated.solution - validate input types before initializing the buffer.