buffer: zero-fill buffer allocated with invalid content #17428
Closed
addaleax wants to merge 4 commits intonodejs:masterfrom
Closed
buffer: zero-fill buffer allocated with invalid content #17428addaleax wants to merge 4 commits intonodejs:masterfrom
addaleax wants to merge 4 commits intonodejs:masterfrom
Conversation
nodejs-github-bot
added
buffer
Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like nodejs#17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. Refs: nodejs#17427 Refs: nodejs#17423
Member
Author
|
@nodejs/buffer @nodejs/security The cat is kind of out of the bag with the public issue & the other PR being opened, but I do think this potentially has security implications and we should apply it (or some other solution that we agree on) to all release lines in the near future. Edit: Okay, funnily enough, Node 4 + 6 already do throw an error in these situations, so this only remains for 8 and 9. CI: https://ci.nodejs.org/job/node-test-commit/14528/ |
jasnell
approved these changes
Dec 2, 2017
cjihrig
approved these changes
Dec 2, 2017
Contributor
cjihrig
left a comment
cjihrig
left a comment
There was a problem hiding this comment.
I'm fine with this for older/current release lines. I still think moving forward that throwing in fill() is the correct thing to do.
apapirovski
approved these changes
Dec 2, 2017
doc/api/buffer.md
Outdated
| console.log(Buffer.allocUnsafe(3).fill('\u0222')); | ||
| ``` | ||
|
|
||
| If `value` is contains invalid characters, it is truncated; if no valid |
Contributor
There was a problem hiding this comment.
Nit: extra 'is' before contains
doc/api/buffer.md
Outdated
| changes: | ||
| - version: REPLACEME | ||
| pr-url: https://github.com/nodejs/node/pull/17428 | ||
| description: Specifying an invalid string for `fill` now yields a |
Contributor
There was a problem hiding this comment.
Just a thought but given yield is a JS keyword with a specific meaning and not necessarily a super familiar word for non-native speakers, is there another word we could use? Maybe results in, creates or returns?
Member
Author
There was a problem hiding this comment.
You can say the same about returns ;) I’m happy with anything, results in sounds fine to me.
ofrobots
approved these changes
Dec 2, 2017
tniessen
approved these changes
Dec 2, 2017
lpinca
approved these changes
Dec 3, 2017
| // Prints: <Buffer aa aa aa aa aa> | ||
| console.log(buf.fill('aazz', 'hex')); | ||
| // Prints: <Buffer aa aa aa aa aa> | ||
| console.log(buf.fill('zz', 'hex')); |
Member
There was a problem hiding this comment.
Nit: missing // Prints: ?
Edit: nvm.
Contributor
There was a problem hiding this comment.
It seems the comments cover the next line, not the previous.
targos
approved these changes
Dec 4, 2017
| encoding = undefined; | ||
| return createUnsafeBuffer(size).fill(fill, encoding); | ||
| const ret = createUnsafeBuffer(size); | ||
| if (fill_(ret, fill, encoding)) |
Member
There was a problem hiding this comment.
nit: if (fill_(ret, fill, encoding) > 0) { ? To avoid an unnecessary ToBoolean.
Member
Author
addaleax
added a commit
that referenced
this pull request
Dec 5, 2017
PR-URL: #17428 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
addaleax
added a commit
that referenced
this pull request
Dec 5, 2017
Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like #17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. PR-URL: #17428 Refs: #17427 Refs: #17423 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
addaleax
added a commit
to addaleax/node
that referenced
this pull request
Dec 5, 2017
PR-URL: nodejs#17428 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>
Merged
MylesBorins
added a commit
that referenced
this pull request
Dec 7, 2017
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * CVE-2017-15896 * CVE-2017-15897 * CVE-2017-3738 (from the openssl project) Notable Changes: * buffer: * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428 * deps: * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526 PR-URL: #17532
MylesBorins
added a commit
that referenced
this pull request
Dec 8, 2017
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * CVE-2017-15896 * CVE-2017-15897 * CVE-2017-3738 (from the openssl project) Notable Changes: * buffer: * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428 * deps: * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526 PR-URL: #17532
MylesBorins
added a commit
that referenced
this pull request
Dec 8, 2017
This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ for details on patched vulnerabilities. Fixes for the following CVEs are included in this release: * CVE-2017-15896 * CVE-2017-15897 * CVE-2017-3738 (from the openssl project) Notable Changes: * buffer: * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428 * deps: * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526 PR-URL: #17532
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
10 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
@cjihrig Sorry, I was just finishing this up when I saw your PR – I think your suggestion makes sense, but I think we should make
Buffer.alloc()never return uninitialized data on any release line.Zero-fill when
Buffer.alloc()receives invalid fill data.A solution like #17427 which switches
to throwing makes sense, but is likely a breaking change.
This suggestion leaves the behaviour of
buffer.fill()untouched,since any change to it would be a breaking change, and lets
Buffer.alloc()check whether any filling took place or not.Refs: #17427
Refs: #17423
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
buffer