Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

buffer: zero-fill buffer allocated with invalid content #17428

Closed
wants to merge 4 commits into from

Conversation

addaleax
Copy link
Member

@addaleax addaleax commented Dec 2, 2017

@cjihrig Sorry, I was just finishing this up when I saw your PR – I think your suggestion makes sense, but I think we should make Buffer.alloc() never return uninitialized data on any release line.


Zero-fill when Buffer.alloc() receives invalid fill data.

A solution like #17427 which switches
to throwing makes sense, but is likely a breaking change.

This suggestion leaves the behaviour of buffer.fill() untouched,
since any change to it would be a breaking change, and lets
Buffer.alloc() check whether any filling took place or not.

Refs: #17427
Refs: #17423

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • documentation is changed or added
  • commit message follows commit guidelines
Affected core subsystem(s)

buffer

@nodejs-github-bot nodejs-github-bot added buffer Issues and PRs related to the buffer subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. labels Dec 2, 2017
Zero-fill when `Buffer.alloc()` receives invalid fill data.

A solution like nodejs#17427 which switches
to throwing makes sense, but is likely a breaking change.

This suggestion leaves the behaviour of `buffer.fill()` untouched,
since any change to it would be a breaking change, and lets
`Buffer.alloc()` check whether any filling took place or not.

Refs: nodejs#17427
Refs: nodejs#17423
@addaleax addaleax added lts-watch-v4.x security Issues and PRs related to security. labels Dec 2, 2017
@addaleax
Copy link
Member Author

addaleax commented Dec 2, 2017

@nodejs/buffer @nodejs/security The cat is kind of out of the bag with the public issue & the other PR being opened, but I do think this potentially has security implications and we should apply it (or some other solution that we agree on) to all release lines in the near future.

Edit: Okay, funnily enough, Node 4 + 6 already do throw an error in these situations, so this only remains for 8 and 9.

CI: https://ci.nodejs.org/job/node-test-commit/14528/
CITGM: https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1123/

Copy link
Contributor

@cjihrig cjihrig left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm fine with this for older/current release lines. I still think moving forward that throwing in fill() is the correct thing to do.

Copy link
Member

@apapirovski apapirovski left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@@ -1254,6 +1259,19 @@ Example: Fill a `Buffer` with a two-byte character
console.log(Buffer.allocUnsafe(3).fill('\u0222'));
```

If `value` is contains invalid characters, it is truncated; if no valid
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: extra 'is' before contains

changes:
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/17428
description: Specifying an invalid string for `fill` now yields a
Copy link
Member

@apapirovski apapirovski Dec 2, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a thought but given yield is a JS keyword with a specific meaning and not necessarily a super familiar word for non-native speakers, is there another word we could use? Maybe results in, creates or returns?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You can say the same about returns ;) I’m happy with anything, results in sounds fine to me.

// Prints: <Buffer aa aa aa aa aa>
console.log(buf.fill('aazz', 'hex'));
// Prints: <Buffer aa aa aa aa aa>
console.log(buf.fill('zz', 'hex'));
Copy link
Member

@lpinca lpinca Dec 3, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: missing // Prints: ?

Edit: nvm.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems the comments cover the next line, not the previous.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I misread, sorry.

@@ -266,7 +266,9 @@ Buffer.alloc = function alloc(size, fill, encoding) {
// be interpreted as a start offset.
if (typeof encoding !== 'string')
encoding = undefined;
return createUnsafeBuffer(size).fill(fill, encoding);
const ret = createUnsafeBuffer(size);
if (fill_(ret, fill, encoding))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: if (fill_(ret, fill, encoding) > 0) { ? To avoid an unnecessary ToBoolean.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@targos yup, will fix while landing

@addaleax
Copy link
Member Author

addaleax commented Dec 5, 2017

Landed in b31626e, 69a68c0

@addaleax addaleax closed this Dec 5, 2017
@addaleax addaleax deleted the buffer-fill branch December 5, 2017 11:46
addaleax added a commit that referenced this pull request Dec 5, 2017
PR-URL: #17428
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
addaleax added a commit that referenced this pull request Dec 5, 2017
Zero-fill when `Buffer.alloc()` receives invalid fill data.

A solution like #17427 which switches
to throwing makes sense, but is likely a breaking change.

This suggestion leaves the behaviour of `buffer.fill()` untouched,
since any change to it would be a breaking change, and lets
`Buffer.alloc()` check whether any filling took place or not.

PR-URL: #17428
Refs: #17427
Refs: #17423
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
addaleax added a commit to addaleax/node that referenced this pull request Dec 5, 2017
PR-URL: nodejs#17428
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anatoli Papirovski <apapirovski@mac.com>
Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
evanlucas added a commit that referenced this pull request Dec 7, 2017
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

PR-URL: #17531
@MylesBorins MylesBorins mentioned this pull request Dec 7, 2017
MylesBorins added a commit that referenced this pull request Dec 7, 2017
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* buffer:
  * buffer allocated with an invalid content will now be zero filled
    (Anna Henningsen)
    #17428
* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    #17526

PR-URL: #17532
evanlucas added a commit that referenced this pull request Dec 8, 2017
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

PR-URL: #17531
MylesBorins added a commit that referenced this pull request Dec 8, 2017
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* buffer:
  * buffer allocated with an invalid content will now be zero filled
    (Anna Henningsen)
    #17428
* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    #17526

PR-URL: #17532
MylesBorins pushed a commit that referenced this pull request Dec 8, 2017
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

PR-URL: #17531
MylesBorins added a commit that referenced this pull request Dec 8, 2017
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
for details on patched vulnerabilities.

Fixes for the following CVEs are included in this release:

* CVE-2017-15896
* CVE-2017-15897
* CVE-2017-3738 (from the openssl project)

Notable Changes:

* buffer:
  * buffer allocated with an invalid content will now be zero filled
    (Anna Henningsen)
    #17428
* deps:
  * openssl updated to 1.0.2n (Shigeki Ohtsu)
    #17526

PR-URL: #17532
MylesBorins pushed a commit that referenced this pull request Dec 8, 2017
Notable changes:

* **buffer**:
  * buffer allocated with an invalid content will now be zero filled (Anna Henningsen) #17428
* **deps**:
  * openssl updated to 1.0.2n (Shigeki Ohtsu) #17526

PR-URL: #17531
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
buffer Issues and PRs related to the buffer subsystem. c++ Issues and PRs that require attention from people who are familiar with C++. security Issues and PRs related to security.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants