From 38542bb422288aaa2cd712312c2fb54fbd2f829c Mon Sep 17 00:00:00 2001
From: Timo Hocker
Date: Tue, 10 Mar 2020 13:37:12 +0100
Subject: [PATCH] return null on error with signed objects

---
 index.js | 9 ++++++++-
 test/index.js | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index 1b67ce2..481651f 100644
--- index.js
+++ index.js
@@ -104,6 +104,8 @@ function sign_object (obj, key, key_info = null) {
 * @returns {any} returns object if successful, else null
 */
 function verify_signature (str, key, timeout = 0) {
+ if (typeof str !== 'string')
+ return null;
 const dec = decodeURIComponent (str)
 .split ('.');
 const json = JSON.parse (encoding.to_utf8 (dec[0], 'base64'));
@@ -124,6 +126,8 @@ function verify_signature (str, key, timeout = 0) {
 * @returns {any} data
 */
 function get_signature_info (str) {
+ if (typeof str !== 'string')
+ return null;
 const dec = decodeURIComponent (str)
 .split ('.');
 const json = JSON.parse (encoding.to_utf8 (dec[0], 'base64'));
@@ -137,7 +141,10 @@ function get_signature_info (str) {
 * @returns {any} object
 */
 function decode_signed (str) {
- return get_signature_info (str).obj;
+ const info = get_signature_info (str);
+ if (info)
+ return info.obj;
+ return null;
 }
 
 /**
diff --git a/test/index.js b/test/index.js
index a36d970..261bcc0 100644
--- test/index.js
+++ test/index.js
@@ -107,6 +107,13 @@ test ('verify_signature', (t) => {
 t.deepEqual (obj, dec);
 });
 
+test ('return null on invalid input', (t) => {
+ const ver = crypto.verify_signature (null, 'foo');
+ t.is (ver, null);
+ const dec = crypto.decode_signed (null, 'foo');
+ t.is (dec, null);
+});
+
 test ('do not fail verification if timeout unspecified', async (t) => {
 const obj = { foo: 'bar' };
 const str = crypto.sign_object (obj, 'baz');
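Review bot: In verify_signature the added `typeof str !== 'string'` guard still lets a malformed string throw on the context lines directly below it: `decodeURIComponent` raises a URIError on bad percent-encoding and `JSON.parse` throws when the first segment is not JSON, so the documented "else null" does not hold for a token chosen by the sender. Because this function receives untrusted input, the decode and parse steps should sit inside a try/catch that returns null, and get_signature_info in the next hunk needs the same treatment. Both function bodies continue outside their hunks, so how `dec` and `json` are used afterwards is not visible and the sketch below keeps both names in scope.

```javascript
function verify_signature (str, key, timeout = 0) {
  if (typeof str !== 'string')
    return null;
  let dec = null;
  let json = null;
  try {
    dec = decodeURIComponent (str)
      .split ('.');
    json = JSON.parse (encoding.to_utf8 (dec[0], 'base64'));
  }
  catch (err) {
    // malformed percent-encoding or payload: treat as an invalid token
    return null;
  }
  // … unchanged: remainder of verify_signature (outside the hunk) …
```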
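Review bot: The JSDoc above decode_signed still reads `@returns {any} object` although the new body returns null whenever get_signature_info does; suggest `@returns {any} object, or null if str is not a string`. The function takes no key, so as far as this hunk shows the returned object has not been checked against a signature, and a description line such as `Does not verify the signature; use verify_signature for data that must be trusted.` would keep callers from treating the result as authenticated. The comment block starts above the hunk, so its existing description is not visible here. The `@returns {any} data` line of get_signature_info in the previous hunk needs the same mention of null.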
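Review bot: The new test calls `crypto.decode_signed (null, 'foo')`, but decode_signed is declared with a single `str` parameter in index.js, so `'foo'` is ignored and the call reads as if a key were being checked; `const dec = crypto.decode_signed (null);` states what is actually tested. get_signature_info received the same guard in this commit and has no assertion, which `t.is (crypto.get_signature_info (null), null);` would cover. Only `null` is exercised; a string that is not a valid token, which is the input a caller is more likely to receive from a client, is not covered.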