From 1c590ad49e10a158783ada7cc0662d9e0cc6cc11 Mon Sep 17 00:00:00 2001
From: Mark Atwood
Date: Sun, 19 Apr 2020 19:54:54 -0700
Subject: [PATCH 1/4] add license MIT tag to package.json (#83)
---
 package.json | 1 +
 1 file changed, 1 insertion(+)
diff --git a/package.json b/package.json
index a1829ad..d02461a 100644
--- a/package.json
+++ b/package.json
@@ -2,6 +2,7 @@
 "name": "bl",
 "version": "4.0.2",
 "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!",
+ "license": "MIT",
 "main": "bl.js",
 "scripts": {
 "lint": "standard *.js test/*.js",
From d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 Mon Sep 17 00:00:00 2001
From: Matteo Collina
Date: Wed, 26 Aug 2020 10:06:00 +0200
Subject: [PATCH 2/4] Fix unintialized memory access
---
 BufferList.js | 11 ++++++++++-
 test/test.js | 16 ++++++++++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/BufferList.js b/BufferList.js
index 6dad448..802020f 100644
--- a/BufferList.js
+++ b/BufferList.js
@@ -134,12 +134,13 @@ BufferList.prototype.copy = function copy (dst, dstStart, srcStart, srcEnd) {
 
 if (bytes > l) {
 this._bufs[i].copy(dst, bufoff, start)
+ bufoff += l
 } else {
 this._bufs[i].copy(dst, bufoff, start, start + bytes)
+ bufoff += l
 break
 }
 
- bufoff += l
 bytes -= l
 
 if (start) {
@@ -147,6 +148,9 @@ BufferList.prototype.copy = function copy (dst, dstStart, srcStart, srcEnd) {
 }
 }
 
+ // safeguard so that we don't return uninitialized memory
+ if (dst.length > bufoff) return dst.slice(0, bufoff)
+
 return dst
 }
 
@@ -188,6 +192,11 @@ BufferList.prototype.toString = function toString (encoding, start, end) {
 }
 
 BufferList.prototype.consume = function consume (bytes) {
+ // first, normalize the argument, in accordance with how Buffer does it
+ bytes = Math.trunc(bytes)
+ // do nothing if not a positive number
+ if (Number.isNaN(bytes) || bytes <= 0) return this
+
 while (this._bufs.length) {
 if (bytes >= this._bufs[0].length) {
 bytes -= this._bufs[0].length
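Review bot: In `BufferList.prototype.copy`, the `else` branch writes only `bytes` bytes (`start` to `start + bytes`) but advances `bufoff` by `l`, so the safeguard added after the loop compares `dst.length` against a count that can be larger than what was actually copied. Advancing by the written amount, `bufoff += bytes`, would keep that check exact. The safeguard `if (dst.length > bufoff) return dst.slice(0, bufoff)` also applies to any `dst`, and `dst` is a parameter of `copy`; if a caller-supplied buffer can reach this line, the caller now gets a truncated view back instead of its own buffer, which is worth confirming or restricting to the buffer allocated inside the function. The function body starts before these two hunks, so the allocation path is not visible here.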
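Review bot: The guard added at the top of `BufferList.prototype.consume` does not record why non-positive counts are rejected, and "in accordance with how Buffer does it" does not say which Buffer behaviour is meant. The regression test in this patch (`bl.consume(-1024)` followed by `bl.slice(1)`) suggests a negative count previously left the list's length out of step with its stored buffers, so a comment such as `// a negative or NaN count must never reach the length bookkeeping below` would make the security reason explicit. The rest of the loop lies outside the hunk, so this reading is inferred from the test rather than from the visible lines.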
diff --git a/test/test.js b/test/test.js
index cb1f257..e03bb85 100644
--- a/test/test.js
+++ b/test/test.js
@@ -463,6 +463,22 @@ tape('test toString encoding', function (t) {
 t.end()
 })
 
+tape('uninitialized memory', function (t) {
+ const secret = crypto.randomBytes(256)
+ for (let i = 0; i < 1e6; i++) {
+ const clone = Buffer.from(secret)
+ const bl = new BufferList()
+ bl.append(Buffer.from('a'))
+ bl.consume(-1024)
+ const buf = bl.slice(1)
+ if (buf.indexOf(clone) !== -1) {
+ t.fail(`Match (at ${i})`)
+ break
+ }
+ }
+ t.end()
+})
+
 !process.browser && tape('test stream', function (t) {
 const random = crypto.randomBytes(65534)
 
From 7a4ae7f818a4ceba234f3d186a1ffb3f0a34ad0c Mon Sep 17 00:00:00 2001
From: Matteo Collina
Date: Wed, 26 Aug 2020 10:11:31 +0200
Subject: [PATCH 3/4] Node v14
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.travis.yml b/.travis.yml
index b18f3d5..e0df89c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -5,8 +5,8 @@ node_js:
 - '8'
 - '10'
 - '12'
+ - '14'
 - lts/*
- - current
 branches:
 only:
 - master
From f659836cc84211cad41b73bad89c78f7f874c626 Mon Sep 17 00:00:00 2001
From: Matteo Collina
Date: Wed, 26 Aug 2020 10:13:22 +0200
Subject: [PATCH 4/4] Bumped v4.0.3
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index d02461a..d57b5d0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "bl",
- "version": "4.0.2",
+ "version": "4.0.3",
 "description": "Buffer List: collect buffers and access with a standard readable Buffer interface, streamable too!",
 "license": "MIT",
 "main": "bl.js",
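Review bot: The new 'uninitialized memory' test in test/test.js never asserts the invariant the fix establishes; it only searches the result for a 256-byte random value over `1e6` iterations, which passes whenever stale bytes happen not to match and is slow for a unit test. Deterministic checks right after `bl.consume(-1024)`, for example `t.equal(bl.length, 1)` and `t.equal(bl.slice(1).length, 0)`, would presumably fail on the pre-fix behaviour at once, assuming a one-byte list sliced from offset 1 is meant to be empty. Since `consume` now ignores the negative count, this test also no longer reaches the safeguard added to `copy`, so that path stays uncovered.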