fix: using Buffer.alloc(size) instead of new Buffer(size) #34

Merged
merged 1 commit into from
May 15, 2018

gxcsoccer
Member

new Buffer(size) is not zero-filled, which may lead to information leakage. It is also deprecated in Node 10; use Buffer.alloc / Buffer.from / Buffer.allocUnsafe instead.

https://snyk.io/vuln/npm:byte:20180512

lib/byte.js Outdated
@@ -21,7 +21,7 @@ function ByteBuffer(options) {
if (array) {
this._bytes = array;
} else {
this._bytes = new Buffer(this._size);
this._bytes = Buffer.alloc(this._size);
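Review bot: in the else branch of ByteBuffer, Buffer.alloc(this._size) is called unconditionally, and Buffer.alloc does not exist before Node 4.5.0, so the constructor would throw on older 4.x runtimes. Consider feature-detecting Buffer.alloc and falling back to new Buffer(this._size) followed by an explicit fill(0), so the buffer is still zeroed there. The same line passes this._size through unchecked; a guard that it is a non-negative integer would keep a non-numeric option from reaching the allocator.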
Member

Node 4 doesn't support it; a compatibility fallback is needed.

Member Author

I did specifically check, but misread 10.0.0 as 0.10.0; CI did pass on Node 4, though.

@gxcsoccer gxcsoccer merged commit ccc6f4b into master May 15, 2018
@gxcsoccer gxcsoccer deleted the fix-new-buffer branch May 15, 2018 03:11
@gxcsoccer
Member Author

1.4.1

ChALkeR added a commit to ChALkeR/security-wg that referenced this pull request May 15, 2018
vdeturckheim pushed a commit to nodejs/security-wg that referenced this pull request May 15, 2018
patrickm68 added a commit to patrickm68/security-wg-process that referenced this pull request Sep 14, 2023
mattstern31 added a commit to mattstern31/security-wg-process that referenced this pull request Nov 11, 2023
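
The Node 4 compatibility concern raised in the review can be handled by feature-detecting Buffer.alloc and clearing the legacy allocation explicitly. The following is an added example, not code from this pull request or the byte package; makeZeroedAllocator, LegacyBufferStub and isAllZero are hypothetical names, and the stub is a constructed stand-in for a runtime without Buffer.alloc.

```javascript
'use strict';
// Added example, not code from the byte package. All names are hypothetical.

// Returns alloc(size), which always yields zero-filled memory regardless of
// which Buffer API the runtime offers.
function makeZeroedAllocator(BufferCtor) {
  const hasAlloc = typeof BufferCtor.alloc === 'function';
  return function alloc(size) {
    // Accept only a non-negative integer, so a string or other
    // caller-influenced value never reaches the constructor.
    if (typeof size !== 'number' || !Number.isInteger(size) || size < 0) {
      throw new TypeError('size must be a non-negative integer');
    }
    if (hasAlloc) {
      return BufferCtor.alloc(size); // zero-filled by definition
    }
    // Legacy path: new Buffer(size) may return uninitialized memory,
    // so clear it before anything can read or serialize it.
    const buf = new BufferCtor(size);
    buf.fill(0);
    return buf;
  };
}

// Constructed stand-in for an old runtime: no .alloc, and the memory it
// returns is pre-filled with 0xAA to imitate stale heap contents.
function LegacyBufferStub(size) {
  return Buffer.allocUnsafe(size).fill(0xaa);
}

// True when every byte of buf is zero.
function isAllZero(buf) {
  for (let i = 0; i < buf.length; i++) {
    if (buf[i] !== 0) return false;
  }
  return true;
}

const modernAlloc = makeZeroedAllocator(Buffer);
const legacyAlloc = makeZeroedAllocator(LegacyBufferStub);

console.log('raw legacy buffer zeroed:', isAllZero(new LegacyBufferStub(64)));
console.log('legacy via shim zeroed:  ', isAllZero(legacyAlloc(64)));
console.log('modern via shim zeroed:  ', isAllZero(modernAlloc(64)));
```
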