From 36ae3ccff334602e36a85e4affb3ff181fe990a5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Tue, 17 Jan 2023 11:01:26 +0100 Subject: [PATCH] src: replace unreachable code with static_assert This function base64-decodes a given JavaScript string to obtain the secret key, whose length must not exceed INT_MAX. However, because JavaScript strings are limited to v8::String::kMaxLength chars and because base64 decoding never yields more bytes than input chars, the size of the decoded key must be strictly less than v8::String::kMaxLength bytes. Therefore, it is sufficient to statically assert that String::kMaxLength <= INT_MAX (which is always true because String::kMaxLength itself is an int). Aside from being unreachable, Coverity considers the current code "suspicious" because it indicates that buffers larger than INT_MAX might actually be allocated. PR-URL: https://github.com/nodejs/node/pull/46209 Reviewed-By: Luigi Pinca Reviewed-By: Yagiz Nizipli Reviewed-By: Rich Trott Reviewed-By: Colin Ihrig Reviewed-By: Minwoo Jung Reviewed-By: Darshan Sen Reviewed-By: Filip Skokan --- src/crypto/crypto_keys.cc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/crypto/crypto_keys.cc b/src/crypto/crypto_keys.cc index d1ea8f8f2cde7e..f5661ccedad4f7 100644 --- a/src/crypto/crypto_keys.cc +++ b/src/crypto/crypto_keys.cc @@ -479,12 +479,8 @@ std::shared_ptr ImportJWKSecretKey( return std::shared_ptr(); } + static_assert(String::kMaxLength <= INT_MAX); ByteSource key_data = ByteSource::FromEncodedString(env, key.As()); - if (key_data.size() > INT_MAX) { - THROW_ERR_CRYPTO_INVALID_KEYLEN(env); - return std::shared_ptr(); - } - return KeyObjectData::CreateSecret(std::move(key_data)); }