
buffer: stop alloc() uninitialized memory return

CVE-2018-7166
Discovered by ChALkeR - Сковорода Никита Андреевич

Prevent Buffer.alloc(size, fill, number) from returning uninitialized memory.

Fixes: nodejs-private/security#202
PR-URL: nodejs-private/node-private#137
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
cjihrig authored and rvagg committed Aug 10, 2018
1 parent 16accff commit 40a7beeddac9b9ec9ef5b49157daaf8470648b08
Showing with 9 additions and 1 deletion.
  1. +2 −1 lib/buffer.js
  2. +7 −0 test/parallel/test-buffer-alloc.js
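--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -278,7 +278,8 @@ function assertSize(size) {
 Buffer.alloc = function alloc(size, fill, encoding) {
 assertSize(size);
 if (fill !== undefined && fill !== 0 && size > 0) {
-return _fill(createUnsafeBuffer(size), fill, encoding);
+const buf = createUnsafeBuffer(size);
+return _fill(buf, fill, 0, buf.length, encoding);
 }
 return new FastBuffer(size);
 };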
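Review bot: The two added lines in `Buffer.alloc` have no comment explaining why `0` and `buf.length` are now passed explicitly, so a later cleanup could fold them back into the three-argument `_fill` call that this commit removes. I would add above the call: `// Always pass offset and end so a non-string third argument is never read as a fill range, which would leave part of the unsafe buffer uninitialized.` That reading of the old behaviour is inferred from the commit description, since `_fill` is not in this hunk. The branch still starts from `createUnsafeBuffer(size)`, so it relies on `_fill` either writing every byte or throwing; that is worth confirming for each early-return path in `_fill`.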
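--- a/test/parallel/test-buffer-alloc.js
+++ b/test/parallel/test-buffer-alloc.js
@@ -1039,3 +1039,10 @@ common.expectsError(() => {
 code: 'ERR_INVALID_ARG_VALUE',
 type: TypeError
 });
+
+common.expectsError(() => {
+Buffer.alloc(40, 'x', 20);
+}, {
+code: 'ERR_INVALID_ARG_TYPE',
+type: TypeError
+});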
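Review bot: The new case only checks that a string fill with a numeric third argument throws; it never inspects the contents of a buffer that `Buffer.alloc` actually returns. A numeric or Buffer `fill` combined with a numeric third argument is not exercised, and that path may not throw at all. If such a call is meant to succeed, an assertion such as `assert.deepStrictEqual(Buffer.alloc(4, 1, 2), Buffer.from([1, 1, 1, 1]));` would pin that every byte is written. The expected result should be confirmed against `_fill`, which is not visible here.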

1 comment on commit 40a7bee

ChALkeR commented on 40a7bee Aug 23, 2018

@cjihrig @MylesBorins @nodejs/lts the testcase should be backported.
