Integer Overflow in Adonisjs with Mutual Tls

When Adonisjs services are protected with Mutual Transport Layer Security (Mutual TLS), developers may assume the transport is fully authenticated and that inputs arriving over a mutually authenticated channel are inherently safe. This assumption can mask integer handling issues. In Adonisjs, routes and controllers often parse numeric identifiers, timestamps, or size parameters from request payloads, query strings, or headers. If these values are not validated for range and type, an attacker can supply values that trigger integer overflow during arithmetic operations or buffer sizing, even when Mutual TLS client certificates are verified.

Mutual TLS ensures the client is known, but it does not guarantee the client’s data is well-formed. Consider an endpoint that accepts a file identifier and computes a buffer size by multiplying two integers provided by the client (e.g., element size and count). If the multiplication exceeds JavaScript’s safe integer range (Number.MAX_SAFE_INTEGER), the resulting value can wrap around, leading to an undersized buffer. During subsequent read or copy operations, this can cause memory corruption patterns similar to classic buffer overflows, despite the Mutual TLS layer being correctly configured. Such logic is reachable over a Mutual TLS-terminated connection, making the attack surface available to any authenticated client certificate that sends malicious numeric inputs.

Another scenario involves timestamp or version arithmetic. Adonisjs applications commonly use integers for ordering, pagination, or cache keys. If an endpoint computes a delta by subtracting a user-supplied integer from a server-generated value, an attacker providing a very large unsigned integer can force the result into unexpected ranges, bypassing intended ordering constraints or causing incorrect resource selection. The Mutual TLS context may lead developers to skip additional validation, but the framework does not automatically sanitize numeric inputs. The combination of enforced client authentication and unchecked arithmetic is where Integer Overflow becomes likely: the channel is trusted, but the data within it is not validated.

These issues are not theoretical; they map to common weaknesses in API implementations. For example, numeric overflows can contribute to logic flaws like IDOR when computed offsets are used to locate objects. They may also facilitate injection or corruption if overflowed values are used in memory allocations or string operations. Because Adonisjs applications often expose RESTful routes with numeric IDs, each route that performs arithmetic on incoming integers should be reviewed for range checks, use of BigInt where necessary, and rejection of values that fall outside expected business boundaries.

Leveraging tools that understand both transport security and application logic can help uncover these subtle issues. middleBrick scans API endpoints, including those protected by Mutual TLS, and performs 12 security checks in parallel. Among these are Input Validation and Authentication checks that examine how numeric parameters are handled, even when Mutual TLS client certificates are present. The scanner tests the unauthenticated attack surface and, when combined with client certificate testing in controlled environments, can highlight where Integer Overflow risks persist despite Mutual TLS protections.

For LLM-related endpoints, such as those integrating model services over Mutual TLS, additional care is required. middleBrick’s LLM/AI Security checks include system prompt leakage detection and active prompt injection testing. While these do not directly test integer arithmetic, they ensure that security considerations extend beyond transport to model interaction logic. In environments where Adonisjs serves as an API gateway for LLM endpoints, ensuring numeric inputs to routing or middleware are bounded remains essential to prevent overflow-related instability.

Remediation focuses on validating and sanitizing all numeric inputs regardless of Mutual TLS status. Use explicit range checks, prefer 64-bit safe integers or BigInt for large computations, and reject values that exceed expected bounds before they participate in arithmetic. Below are concrete code examples demonstrating secure handling in an Adonisjs project using Mutual TLS.

First, configure Mutual TLS in your Adonisjs server. This example shows setting up an HTTPS server with request certificate verification using Node.js tls module and Adonisjs provider configuration. It assumes you have CA, server, and client certificates available.

// start/server.ts
import { defineConfig } from '@adonisjs/core/app'
import fs from 'fs'

export default defineConfig({
  https: {
    enabled: true,
    cert: fs.readFileSync('path/to/server-cert.pem'),
    key: fs.readFileSync('path/to/server-key.pem'),
    ca: fs.readFileSync('path/to/ca-cert.pem'),
    requestCert: true,
    rejectUnauthorized: true,
  },
})

Next, enforce numeric validation in routes and controllers. Always validate incoming integers against minimum and maximum allowed values. Use Joi or Adonisjs schema validation to ensure values are within safe ranges and are of the correct type.

// routes.ts
import Route from '@ioc:Adonis/Core/Route'

Route.get('/files/:id', async ({ params, request }) => {
  const schema = Joi.object({
    id: Joi.number().integer().min(1).max(1000000).required(),
  })
  const validated = await schema.validateAsync({ id: Number(params.id) })
  // safe to use validated.id
})

When computing sizes or buffers, avoid unsafe multiplication. If you must multiply user-supplied integers, use BigInt and check for overflow against known limits.

// controllers/BufferController.tsnimport { schema } from '@ioc:Adonis/Core/Validator'

export default class BufferController {
  public async computeSize() {
    const validationSchema = schema.create({
      elementSize: schema.number([
        (rule) => {
          rule.unsigned()
          rule.max(2 ** 30) // limit to prevent overflow
        },
      ]),
      count: schema.number([
        (rule) => {
          rule.unsigned()
          rule.max(2 ** 30)
        },
      ]),
    })

    const payload = await validationSchema.validate(this.request.body())
    const elementSize = BigInt(payload.elementSize)
    const count = BigInt(payload.count)
    const total = elementSize * count

    if (total > BigInt(2 ** 32)) {
      throw new Error('Requested buffer size exceeds safe limit')
    }

    const buffer = Buffer.alloc(Number(total))
    // proceed safely
  }
}

For timestamp or version arithmetic, clamp inputs to a reasonable window and avoid subtraction with untrusted large integers. Use bounded time ranges and reject values that fall outside operational periods.

// controllers/VersionController.tsnimport { schema } from '@ioc:Adonis/Core/Validator'

export default class VersionController {
  public async validateVersion() {
    const schema = schema.create({
      baseVersion: schema.number([
        (rule) => {
          rule.unsigned()
          rule.max(2 ** 31 - 1)
        },
      ]),
      incomingDelta: schema.number([
        (rule) => {
          rule.unsigned()
          rule.max(10000)
        },
      ]),
    })

    const { baseVersion, incomingDelta } = await schema.validate(this.request.body())
    const safeBase = BigInt(baseVersion)
    const delta = BigInt(incomingDelta)
    const result = safeBase - delta

    if (result < 0 || result > safeBase) {
      throw new Error('Version delta results in invalid value')
    }

    // proceed with safe version logic
  }
}

These patterns ensure that even when Mutual TLS provides strong client authentication, numeric inputs are independently verified. middleBrick can be used to verify that such validation is reflected in runtime behavior by testing input validation paths while Mutual TLS is active. Its CLI allows you to run scans from the terminal and review JSON output for detailed findings.