zlib: fix node crashing on invalid options

This commit fixes the Node process crashing when constructors of classes of the zlib module are given invalid options. * Throw an Error when the zlib library rejects the value of windowBits, instead of crashing with an assertion. * Treat windowBits and memLevel options consistently with other ones and don't crash when non-numeric values are given. * Fix bugs in the validation logic: - Don't conflate 0 and undefined when checking if a field of an options object exists. - Treat NaN and Infinity values the same way as values of invalid types instead of allowing to actually set zlib options to NaN or Infinity. PR-URL: #13098Fixes: #13082 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Luigi Pinca <[email protected]> Reviewed-By: Sakthipriyan Vairamani <[email protected]>

Author: aqrln

doc/api/zlib.md

@@ -437,6 +437,10 @@ added: v0.5.8
 
 Returns a new [DeflateRaw][] object with an [options][].
 
+**Note:** The zlib library rejects requests for 256-byte windows (i.e.,
+`{windowBits: 8 }` in `options`). An `Error` will be thrown when creating
+a [DeflateRaw][] object with this specific value of the `windowBits` option.
+
 ## zlib.createGunzip([options])
 <!-- YAML
 added: v0.5.8

lib/zlib.js

@@ -182,37 +182,37 @@ class Zlib extends Transform{
 this._finishFlushFlag=opts.finishFlush!==undefined ?
 opts.finishFlush : constants.Z_FINISH;
 
-if(opts.chunkSize){
+if(opts.chunkSize!==undefined){
 if(opts.chunkSize<constants.Z_MIN_CHUNK){
 thrownewRangeError('Invalid chunk size: '+opts.chunkSize);
 }
 }
 
-if(opts.windowBits){
+if(opts.windowBits!==undefined){
 if(opts.windowBits<constants.Z_MIN_WINDOWBITS||
 opts.windowBits>constants.Z_MAX_WINDOWBITS){
 thrownewRangeError('Invalid windowBits: '+opts.windowBits);
 }
 }
 
-if(opts.level){
+if(opts.level!==undefined){
 if(opts.level<constants.Z_MIN_LEVEL||
 opts.level>constants.Z_MAX_LEVEL){
 thrownewRangeError('Invalid compression level: '+opts.level);
 }
 }
 
-if(opts.memLevel){
+if(opts.memLevel!==undefined){
 if(opts.memLevel<constants.Z_MIN_MEMLEVEL||
 opts.memLevel>constants.Z_MAX_MEMLEVEL){
 thrownewRangeError('Invalid memLevel: '+opts.memLevel);
 }
 }
 
-if(opts.strategy&&isInvalidStrategy(opts.strategy))
+if(opts.strategy!==undefined&&isInvalidStrategy(opts.strategy))
 thrownewTypeError('Invalid strategy: '+opts.strategy);
 
-if(opts.dictionary){
+if(opts.dictionary!==undefined){
 if(!ArrayBuffer.isView(opts.dictionary)){
 thrownewTypeError(
 'Invalid dictionary: it should be a Buffer, TypedArray, or DataView');
@@ -224,14 +224,28 @@ class Zlib extends Transform{
 this._hadError=false;
 
 varlevel=constants.Z_DEFAULT_COMPRESSION;
-if(typeofopts.level==='number')level=opts.level;
+if(Number.isFinite(opts.level)){
+level=opts.level;
+}
 
 varstrategy=constants.Z_DEFAULT_STRATEGY;
-if(typeofopts.strategy==='number')strategy=opts.strategy;
+if(Number.isFinite(opts.strategy)){
+strategy=opts.strategy;
+}
+
+varwindowBits=constants.Z_DEFAULT_WINDOWBITS;
+if(Number.isFinite(opts.windowBits)){
+windowBits=opts.windowBits;
+}
+
+varmemLevel=constants.Z_DEFAULT_MEMLEVEL;
+if(Number.isFinite(opts.memLevel)){
+memLevel=opts.memLevel;
+}
 
-this._handle.init(opts.windowBits||constants.Z_DEFAULT_WINDOWBITS,
+this._handle.init(windowBits,
 level,
-opts.memLevel||constants.Z_DEFAULT_MEMLEVEL,
+memLevel,
 strategy,
 opts.dictionary);
 

src/node_zlib.cc

@@ -551,16 +551,19 @@ class ZCtx : public AsyncWrap{
 CHECK(0 && "wtf?");
  }
 
-if (ctx->err_ != Z_OK){
-ZCtx::Error(ctx, "Init error");
- }
-
-
  ctx->dictionary_ = reinterpret_cast<Bytef *>(dictionary);
  ctx->dictionary_len_ = dictionary_len;
 
  ctx->write_in_progress_ = false;
  ctx->init_done_ = true;
+
+if (ctx->err_ != Z_OK){
+if (dictionary != nullptr){
+delete[] dictionary;
+ ctx->dictionary_ = nullptr;
+ }
+ ctx->env()->ThrowError("Init error");
+ }
  }
 
 staticvoidSetDictionary(ZCtx* ctx){

test/parallel/test-zlib-failed-init.js

@@ -0,0 +1,37 @@
+'use strict';
+
+require('../common');
+
+constassert=require('assert');
+constzlib=require('zlib');
+
+// For raw deflate encoding, requests for 256-byte windows are rejected as
+// invalid by zlib.
+// (http://zlib.net/manual.html#Advanced)
+assert.throws(()=>{
+zlib.createDeflateRaw({windowBits: 8});
+},/^Error:Initerror$/);
+
+// Regression tests for bugs in the validation logic.
+
+assert.throws(()=>{
+zlib.createGzip({chunkSize: 0});
+},/^RangeError:Invalidchunksize:0$/);
+
+assert.throws(()=>{
+zlib.createGzip({windowBits: 0});
+},/^RangeError:InvalidwindowBits:0$/);
+
+assert.throws(()=>{
+zlib.createGzip({memLevel: 0});
+},/^RangeError:InvalidmemLevel:0$/);
+
+{
+conststream=zlib.createGzip({level: NaN});
+assert.strictEqual(stream._level,zlib.constants.Z_DEFAULT_COMPRESSION);
+}
+
+{
+conststream=zlib.createGzip({strategy: NaN});
+assert.strictEqual(stream._strategy,zlib.constants.Z_DEFAULT_STRATEGY);
+}