From 495d688e069f97e8135a877773cd12cb52617e92 Mon Sep 17 00:00:00 2001
From: Сковорода Никита Андреевич
Date: Fri, 16 Sep 2016 08:07:23 +0300
Subject: buffer: zero-fill uninitialized bytes in .concat()

This makes sure that no uninitialized bytes are leaked when the specified `totalLength` input value is greater than the actual total length of the specified buffers array, e.g. in Buffer.concat([Buffer.alloc(0)], 100).

PR-URL: https://github.com/nodejs/node-private/pull/64
Reviewed-By: Rod Vagg
Reviewed-By: Ben Noordhuis
---
 lib/buffer.js | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lib')

diff --git a/lib/buffer.js b/lib/buffer.js
index 86aa2e512e..495b521def 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -338,6 +338,14 @@ Buffer.concat = function(list, length) {
 pos += buf.length;
 }
 
+ // Note: `length` is always equal to `buffer.length` at this point
+ if (pos < length) {
+ // Zero-fill the remaining bytes if the specified `length` was more than
+ // the actual total length, i.e. if we have some remaining allocated bytes
+ // there were not initialized.
+ buffer.fill(0, pos, length);
+ }
+
 return buffer;
 };
 
-- cgit v1.2.3
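Review bot: The zero-fill guard in the added block compares `pos` with the caller-supplied `length` and relies on the comment's invariant that it equals `buffer.length`; the allocation and any coercion of `length` sit above the hunk in `Buffer.concat`, so that cannot be confirmed from here. Bounding the fill by the allocation itself, `if (pos < buffer.length) buffer.fill(0, pos);`, keeps the tail zeroed even if a later refactor breaks that invariant. The commit touches only lib/buffer.js, so a regression test asserting that every byte of `Buffer.concat([Buffer.alloc(0)], 100)` is zero would be worth adding with it. The new comment also has a typo: `there were not initialized` should read `that were not initialized`.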