chrome-cookies-secure icon indicating copy to clipboard operation
chrome-cookies-secure copied to clipboard

Published 20 hours ago verified publisher icon bertrandom

Decrypting some cookies results in RangeError

Open eloquence opened this issue 9 years ago • 3 comments

On decrypting cookies set by one particular site (Goodreads.com), I got the following error:

RangeError: out of range index at RangeError (native) at decrypt (node_modules/chrome-cookies-secure/index.js:59:8) at Statement.db.each.host (node_modules/chrome-cookies-secure/index.js:268:21)

The offending line 59 is final.copy(decoded, decoded.length - 1);. Changing it to final.copy(decoded, decoded.length ? decoded.length - 1 : 0); (no longer assuming that the target buffer contains data) fixed the issue for me, though I don't know if that's the best solution.

eloquence avatar May 26 '16 07:05 eloquence

Are these the basic login cookies? Will test soon when I get a chance!

bertrandom avatar May 26 '16 14:05 bertrandom

Yep, this happened with the Goodreads login & standard site cookies, logging in via Facebook. Thanks for taking a look!

eloquence avatar May 26 '16 18:05 eloquence

This is a very old issue, but I see that the final.copy(decoded, decoded.length - 1) is still the same in the code base.

Here: https://github.com/bertrandom/chrome-cookies-secure/blob/8eeca6d405527327f30d95801ec048d38deaee1e/index.js#L42

It's a long-shot, but do you still have the code that can replicate this? If the buffer contains no data then I presume it's a bad entry, and all you were trying to do was skip it so that it didn't blow up everything else?

That feels like a reasonable approach, and I can't see much downside with it.

We could probably log out a warning too if this happens.

rubengmurray avatar Jun 30 '24 14:06 rubengmurray