1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
|
Description: return valid values on multi-byte-wide TypedArray input
Author: Nikita Skovoroda <chalkerx@gmail.com>
Origin: upstream, https://github.com/browserify/cipher-base/commit/8fd13643
Bug: https://github.com/browserify/cipher-base/security/advisories/GHSA-cpq7-6gpm-g9rc
Bug-Debian: https://bugs.debian.org/1111772
Forwarded: not-needed
Applied-Upstream: 1.0.6, commit:8fd13643
Reviewed-By: Xavier Guimard <yadd@debian.org>
Last-Update: 2025-08-21
--- a/index.js
+++ b/index.js
@@ -3,6 +3,12 @@
var StringDecoder = require('string_decoder').StringDecoder
var inherits = require('inherits')
+var useUint8Array = typeof Uint8Array !== 'undefined';
+var useArrayBuffer = typeof ArrayBuffer !== 'undefined'
+ && typeof Uint8Array !== 'undefined'
+ && ArrayBuffer.isView
+ && (Buffer.prototype instanceof Uint8Array || Buffer.TYPED_ARRAY_SUPPORT);
+
function CipherBase (hashMode) {
Transform.call(this)
this.hashMode = typeof hashMode === 'string'
@@ -21,11 +27,42 @@
inherits(CipherBase, Transform)
CipherBase.prototype.update = function (data, inputEnc, outputEnc) {
- if (typeof data === 'string') {
- data = Buffer.from(data, inputEnc)
+ var bufferData;
+ if (data instanceof Buffer) {
+ // No need to do anything
+ bufferData = data;
+ } else if (typeof data === 'string') {
+ // Convert strings to Buffer
+ bufferData = Buffer.from(data, inputEnc);
+ } else if (useArrayBuffer && ArrayBuffer.isView(data)) {
+ /*
+ * Wrap any TypedArray instances and DataViews
+ * Makes sense only on engines with full TypedArray support -- let Buffer detect that
+ */
+ bufferData = Buffer.from(data.buffer, data.byteOffset, data.byteLength);
+ } else if (useUint8Array && data instanceof Uint8Array) {
+ /*
+ * Uint8Array in engines where Buffer.from might not work with ArrayBuffer, just copy over
+ * Doesn't make sense with other TypedArray instances
+ */
+ bufferData = Buffer.from(data);
+ } else if (
+ Buffer.isBuffer(data)
+ && data.constructor
+ && data.constructor.isBuffer
+ && data.constructor.isBuffer(data)
+ ) {
+ /*
+ * Old Buffer polyfill on an engine that doesn't have TypedArray support
+ * Also, this is from a different Buffer polyfill implementation then we have, as instanceof check failed
+ * Convert to our current Buffer implementation
+ */
+ bufferData = Buffer.from(data);
+ } else {
+ throw new Error('The "data" argument must be of type string or an instance of Buffer, TypedArray, or DataView.');
}
- var outData = this._update(data)
+ var outData = this._update(bufferData)
if (this.hashMode) return this
if (outputEnc) {
--- a/test.js
+++ b/test.js
@@ -109,3 +109,28 @@
t.equals(txt, enc)
})
})
+
+test('handle UInt16Array', function (t) {
+ function Cipher() {
+ CipherBase.call(this, 'finalName');
+ this._cache = [];
+ }
+ inherits(Cipher, CipherBase);
+ Cipher.prototype._update = function (input) {
+ t.ok(Buffer.isBuffer(input));
+ this._cache.push(input);
+ };
+ Cipher.prototype._final = function () {
+ return Buffer.concat(this._cache);
+ };
+
+ if (ArrayBuffer.isView && (Buffer.prototype instanceof Uint8Array || Buffer.TYPED_ARRAY_SUPPORT)) {
+ var cipher = new Cipher();
+ var final = cipher.update(new Uint16Array([1234, 512])).finalName('hex');
+ t.equals(final, 'd2040002');
+ } else {
+ t.skip('ArrayBuffer.isView and/or TypedArray not fully supported');
+ }
+
+ t.end();
+});
|
