From 31d7dd6bb9c8a555796547dd45cfb06fc8869d50 Mon Sep 17 00:00:00 2001 From: Rafael Oleza Date: Thu, 4 Apr 2019 12:27:33 +0200 Subject: [PATCH] Add explicit handle for errors when decrypting --- src/main-process/atom-application.js | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/src/main-process/atom-application.js b/src/main-process/atom-application.js index 0417d9185..dc5671ddc 100644 --- a/src/main-process/atom-application.js +++ b/src/main-process/atom-application.js @@ -73,7 +73,7 @@ const getExistingSocketSecret = (atomVersion) => { const createSocketSecret = (atomVersion) => { const socketSecret = crypto.randomBytes(16).toString('hex') - fs.writeFileSync(getSocketSecretPath(atomVersion), socketSecret, 'utf8') + fs.writeFileSync(getSocketSecretPath(atomVersion), socketSecret, {encoding: 'utf8', mode: 0o600}) return socketSecret } @@ -81,7 +81,7 @@ const createSocketSecret = (atomVersion) => { const encryptOptions = (options, secret) => { const message = JSON.stringify(options) - const initVector = crypto.randomBytes(16).toString('hex') + const initVector = crypto.randomBytes(16) const cipher = crypto.createCipheriv('aes-256-gcm', secret, initVector) @@ -93,14 +93,14 @@ const encryptOptions = (options, secret) => { return JSON.stringify({ authTag, content, - initVector + initVector: initVector.toString('hex') }) } const decryptOptions = (optionsMessage, secret) => { const {authTag, content, initVector} = JSON.parse(optionsMessage) - const decipher = crypto.createDecipheriv('aes-256-gcm', secret, initVector) + const decipher = crypto.createDecipheriv('aes-256-gcm', secret, Buffer.from(initVector, 'hex')) decipher.setAuthTag(Buffer.from(authTag, 'hex')) let message = decipher.update(content, 'hex', 'utf8') @@ -403,7 +403,13 @@ class AtomApplication extends EventEmitter { let data = '' connection.on('data', chunk => { data += chunk }) connection.on('end', () => { - this.openWithOptions(decryptOptions(data, this.socketSecret)) + try { + const options = decryptOptions(data, this.socketSecret) + this.openWithOptions(options) + } catch (e) { + // Error while parsing/decrypting the options passed by the client. + // We cannot trust the client, aborting. + } }) })