[msal-extensions] Extensions #1 #1830
Conversation
sangonzal
commented
Jun 25, 2020
sangonzal
commented
- Adds package.json, README, tsconfig, and sets directory structure
- Adds Windows DPAPI node addon
sangonzal
requested review from
DarylThayil,
jasonnutter,
jmckennon,
jo-arroyo,
pkanher617,
sameerag,
hectormmg and
tnorling
as code owners
| { | ||
| isolate->ThrowException(v8::Exception::TypeError( | ||
| CreateUtf8String(isolate, "Second argument, optionalEntropy, must be null or an ArrayBuffer"))); | ||
| } |
There was a problem hiding this comment.
I'd recommend constructing the correct C++ types ASAP after verifying the input types, that way you can work directly in C++, without having to think about v8 variadic types.
| if (!info[1]->IsNull()) | ||
| { | ||
| entropyBlob.pbData = reinterpret_cast<BYTE*>(node::Buffer::Data(info[1])); | ||
| entropyBlob.cbData = node::Buffer::Length(info[1]); |
There was a problem hiding this comment.
Do you have a guarantee that both of these buffers are null-terminated?
Or, does node::Buffer::Length have some other form of safety check to prevent an overrun?
There was a problem hiding this comment.
Edit: The data here (info[1]) is the user data that we are passing in to the windows API CryptProtectData(). dataIn and dataOut are pointers with specific length as specified in CryptProtectData usage of the DATA_BLOB.
Since this accounts for the data buffer and length, null-termination isn't needed. There will not be any overrun.
| v8::String::Utf8Value strData(isolate, info[2]); | ||
| std::string scope(*strData); | ||
| if (stricmp(scope.c_str(), "LocalMachine") == 0) | ||
| { | ||
| flags = CRYPTPROTECT_LOCAL_MACHINE; | ||
| } |
There was a problem hiding this comment.
Why are you passing a string parameter if all you want is a DWORD?
There was a problem hiding this comment.
The Node addon needs to be loaded on Mac and Linux as well, not just Windows, so we have use to platform agnostic parameters (my understanding is that DWORD is a type only defined for Windows)
