From 280b2a74612084257a51aab96832942b0624d243 Mon Sep 17 00:00:00 2001
From: louisbuchbinder
Date: Sun, 9 Jul 2017 09:14:58 -0700
Subject: [PATCH 1/2] remove large or negative number vulnerability
---
 .gitignore | 3 ++-
 src/base58.js | 8 ++++----
 test/base58.test.js | 4 ++--
 3 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/.gitignore b/.gitignore
index 91dfed8..0c3454b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
-node_modules
\ No newline at end of file
+node_modules
+npm-debug.log
\ No newline at end of file
diff --git a/src/base58.js b/src/base58.js
index c1ad209..b8c9530 100644
--- a/src/base58.js
+++ b/src/base58.js
@@ -8,9 +8,9 @@ var alphabetLookup = alphabet.split('').reduce(function (lookup, char, index) {
 return lookup;
 }, {});
-function assertInteger(val) {
- if (typeof val !== 'number' || isNaN(val) || Math.floor(val) !== val) {
- throw new Error('Value passed is not an integer.');
+function assertNonNegativeSafeInteger(val) {
+ if (typeof val !== 'number' || isNaN(val) || val < 0 || val > Number.MAX_SAFE_INTEGER || Math.floor(val) !== val) {
+ throw new Error('Value passed is not a non-negative safe integer.');
 }
 }
@@ -33,7 +33,7 @@ exports.encode = function (num) {
 num = Number(num);
- assertInteger(num);
+ assertNonNegativeSafeInteger(num);
 while (num >= base) {
 modulus = num % base;
diff --git a/test/base58.test.js b/test/base58.test.js
index 0529a91..ec84cb9 100644
--- a/test/base58.test.js
+++ b/test/base58.test.js
@@ -49,7 +49,7 @@ describe('Base58', function () {
 assert.throws(function () {
 base58.encode('hi');
 }, function (err) {
- return err.message === 'Value passed is not an integer.';
+ return err.message === 'Value passed is not a non-negative safe integer.';
 });
 });
 });
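Review bot: In src/base58.js, the upper bound in `assertNonNegativeSafeInteger` depends on `Number.MAX_SAFE_INTEGER`, an ES2015 constant, while the visible code is otherwise ES5-style (`var`, function expressions). On a runtime that lacks the constant, `val > undefined` is always false, so the large-number check this commit adds is skipped without any error. If ES2015 is the baseline, the five clauses reduce to `if (!Number.isSafeInteger(val) || val < 0) {`; if not, define the limit locally, e.g. `var MAX_SAFE_INTEGER = 9007199254740991;`. A one-line comment above the function, such as `// Integers above 2^53 - 1 cannot be represented exactly, so reject them instead of encoding a rounded value.`, would record why the bound exists.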
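Review bot: In `exports.encode` (src/base58.js, second hunk) the validation still runs after `num = Number(num);`, so the `typeof val !== 'number'` clause can never fire and inputs such as `null`, `''`, `[]` or `true` are silently accepted as 0 or 1 rather than rejected. If encoded values come from untrusted input, validate before coercing: accept a `number`, or a string matching `/^\d+$/`, and throw the same error for everything else. The body of `encode` starts and ends outside this hunk, so whether string input is part of the documented contract should be confirmed first.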
@@ -59,7 +59,7 @@ describe('Base58', function () {
 assert.throws(function () {
 base58.encode(3.14);
 }, function (err) {
- return err.message === 'Value passed is not an integer.';
+ return err.message === 'Value passed is not a non-negative safe integer.';
 });
 });
 });
From e029a93cf3c474dac44314052455fc6edc3a0718 Mon Sep 17 00:00:00 2001
From: louisbuchbinder
Date: Sun, 9 Jul 2017 09:23:17 -0700
Subject: [PATCH 2/2] added tests
---
 test/base58.test.js | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
diff --git a/test/base58.test.js b/test/base58.test.js
index ec84cb9..b6a59be 100644
--- a/test/base58.test.js
+++ b/test/base58.test.js
@@ -63,6 +63,26 @@ describe('Base58', function () {
 });
 });
 });
+
+ describe('when passed a negative number', function () {
+ it('throws an error', function () {
+ assert.throws(function () {
+ base58.encode(-300);
+ }, function (err) {
+ return err.message === 'Value passed is not a non-negative safe integer.';
+ });
+ });
+ });
+
+ describe('when passed a non-safe integer', function () {
+ it('throws an error', function () {
+ assert.throws(function () {
+ base58.encode(1E100);
+ }, function (err) {
+ return err.message === 'Value passed is not a non-negative safe integer.';
+ });
+ });
+ });
 });
 describe('.decode', function () {
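Review bot: The two cases added to test/base58.test.js in PATCH 2/2 use values far from the limit (`-300`, `1E100`), so nothing pins the boundary: a later change from `>` to `>=`, or a runtime where the upper bound is not applied, would still pass. Add one case asserting that `Number.MAX_SAFE_INTEGER` itself is accepted and one asserting that `Number.MAX_SAFE_INTEGER + 1` is rejected with the same message; `Infinity` is worth a third case. The sketch below assumes the file's `assert` provides `doesNotThrow`, as Node's built-in module does; the import is outside the hunk.

```javascript
// … unchanged: negative-number and non-safe-integer cases …

describe('when passed Number.MAX_SAFE_INTEGER', function () {
  it('does not throw', function () {
    assert.doesNotThrow(function () {
      base58.encode(Number.MAX_SAFE_INTEGER);
    });
  });
});

describe('when passed Number.MAX_SAFE_INTEGER + 1', function () {
  it('throws an error', function () {
    assert.throws(function () {
      base58.encode(Number.MAX_SAFE_INTEGER + 1);
    }, function (err) {
      return err.message === 'Value passed is not a non-negative safe integer.';
    });
  });
});
```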