From b9746258324c31ea09df5a0b8e4441a376202268 Mon Sep 17 00:00:00 2001
From: Ben Woosley
Date: Wed, 2 May 2018 20:16:44 -0400
Subject: [PATCH] Don't mutate the elliptic curve prototype with get* additions

Point's prototype is set to the prototype of ec('secp256k1').curve.point(), which means mutation to it is shared across users of 'elliptic' via the in-memory representation of those objects. This is not generally a problem, for example, with `validate` it's a simple set, so the greatest risk is that it will be directly overwritten. But in the case of `getX` and `getY`, both methods are overwritten with others that depend on the prior implementation as stored in `_get*`. If this happens twice, then the implementation of `_getX` is replaced with something that depends on a call to `_getX`, and the callers is stuck in an infinite loop.
---
 bitcore-lib.js | 8 ++++----
 lib/crypto/point.js | 8 ++++----
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/bitcore-lib.js b/bitcore-lib.js
index 3014204b9..452b3a67e 100644
--- bitcore-lib.js
+++ bitcore-lib.js
@@ -2084,7 +2084,7 @@ Point.getN = function getN() {
 return new BN(ec.curve.n.toArray());
 };
 
-Point.prototype._getX = Point.prototype.getX;
+Point._getX = Point.prototype.getX;
 
 /**
 *
@@ -2092,11 +2092,11 @@ Point.prototype._getX = Point.prototype.getX;
 *
 * @returns {BN} A BN instance of the X coordinate
 */
-Point.prototype.getX = function getX() {
+Point.getX = function getX() {
 return new BN(this._getX().toArray());
 };
 
-Point.prototype._getY = Point.prototype.getY;
+Point._getY = Point.prototype.getY;
 
 /**
 *
@@ -2104,7 +2104,7 @@ Point.prototype._getY = Point.prototype.getY;
 *
 * @returns {BN} A BN instance of the Y coordinate
 */
-Point.prototype.getY = function getY() {
+Point.getY = function getY() {
 return new BN(this._getY().toArray());
 };
 
diff --git a/lib/crypto/point.js b/lib/crypto/point.js
index 6046ed361..23b338eef 100644
--- lib/crypto/point.js
+++ lib/crypto/point.js
@@ -73,7 +73,7 @@ Point.getN = function getN() {
 return new BN(ec.curve.n.toArray());
 };
 
-Point.prototype._getX = Point.prototype.getX;
+Point._getX = Point.prototype.getX;
 
 /**
 *
@@ -81,11 +81,11 @@ Point.prototype._getX = Point.prototype.getX;
 *
 * @returns {BN} A BN instance of the X coordinate
 */
-Point.prototype.getX = function getX() {
+Point.getX = function getX() {
 return new BN(this._getX().toArray());
 };
 
-Point.prototype._getY = Point.prototype.getY;
+Point._getY = Point.prototype.getY;
 
 /**
 *
@@ -93,7 +93,7 @@ Point.prototype._getY = Point.prototype.getY;
 *
 * @returns {BN} A BN instance of the Y coordinate
 */
-Point.prototype.getY = function getY() {
+Point.getY = function getY() {
 return new BN(this._getY().toArray());
 };
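Review bot: Moving the wrappers onto the constructor (`Point.getX = function getX() { ... }` and `Point._getX = Point.prototype.getX;`, plus the Y pair in the later hunks) means point instances no longer see them: per the commit message, instances take their methods from the shared elliptic prototype, so `point.getX()` would presumably now return elliptic's own value instead of the `new BN(...)` wrapper that the `@returns {BN}` comment still promises (Point's definition is outside these hunks, so confirm). Called as `Point.getX()`, `this` is the constructor, so `this._getX()` runs an instance method against something that is not a curve point and will most likely throw. Because these are coordinate getters in a crypto library, a silent change of return type deserves a regression test that calls `getX()`/`getY()` on an instance and also loads the module twice. To stop the double-wrap recursion without changing the API, keep the override on the prototype and capture the original only once, e.g. `if (!Point.prototype._getX) { Point.prototype._getX = Point.prototype.getX; }` (same for `_getY`); the bundled copy in bitcore-lib.js carries the same lines.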