Skip to content

Commit

Permalink
[Fix] Buffer.concat looses taint nodejs#20
Browse files Browse the repository at this point in the history
  • Loading branch information
@dacappo
dacappo committed Dec 3, 2018
1 parent 40c37b7 commit 0c0c067
Show file tree
Hide file tree
Showing 2 changed files with 15 additions and 1 deletion.
14 changes: 14 additions & 0 deletions lib/_taint_buffer_util.js
View file
Expand Up @@ -284,6 +284,20 @@ exports.applyTaintToBuffer = (buffer, string, encoding,
return buffer;
};

exports.concatBufferArrayTaint = (list) => {
return list.reduce((acc, val) => {
if (typeof val === 'object' && val.taint) {
val.taint.forEach((range) => {
acc.taint.push({'begin': range.begin + acc.len,
'end': range.end + acc.len,
'flow': range.flow
});
});
}
acc.len += val.len;
return acc;
}, {'len': 0, 'taint': []}).taint;
};

exports.applyArrayTaintToBuffer = (array) => {
const newTaint = [];
Expand Down
2 changes: 1 addition & 1 deletion lib/buffer.js
View file
Expand Up @@ -511,7 +511,7 @@ Buffer.concat = function concat(list, length) {
}

// TaintV8
buffer.taint = TaintBuffer.subtaint(buffer, 0, length);
buffer.taint = TaintBuffer.concatBufferArrayTaint(list);

// Note: `length` is always equal to `buffer.length` at this point
if (pos < length) {
Expand Down

0 comments on commit 0c0c067

Please sign in to comment.