From 66694b4a93c8f9a7cda5ee4ea52e3692df926ef4 Mon Sep 17 00:00:00 2001 From: Marius Date: Tue, 30 May 2017 21:31:51 +0200 Subject: [PATCH] Fix buffer initialization for Base64 encoding (#75) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit 3827da752d3b2eb86613b92ffb6715806d799fdc Author: Marius Date: Tue May 30 21:31:26 2017 +0200 Transpile changes commit 025aac69f827e6c0f51215609070bab6b76cc491 Author: Marius Date: Tue May 30 21:30:41 2017 +0200 Add test for number metadata commit 35b470af8386ff96230e09408a3ba83c6831b3a0 Merge: 902e4bf 74e4500 Author: Marius Date: Tue May 30 21:26:52 2017 +0200 Merge branch 'fix/buffer-leak' of https://github.com/goto-bus-stop/tus-js-client into buffer commit 74e450093e8dec46f741d714abaa337d43c68d40 Author: Renée Kooi Date: Tue May 30 17:18:44 2017 +0200 fix lint commit a4205706d1b68a88e4ec5ff1a62c536ff98a0cca Author: Renée Kooi Date: Tue May 30 15:43:13 2017 +0200 fix buffer initialization in base64 encoding If a number was passed to `encode()`, the buffer would be created with uninitialised memory. This patch casts anything that's passed in to a string first and then uses the safe `Buffer.from` API. `Buffer.from` was added in Node v4 but the `buffer-from` module ponyfills it for older Node versions. See [nodejs/node#4660](https://github.com/nodejs/node/issues/4660) --- lib.es5/node/base64.js | 10 ++++++++-- lib/node/base64.js | 4 ++-- package.json | 1 + test/spec/upload.js | 5 +++-- 4 files changed, 14 insertions(+), 6 deletions(-) diff --git a/lib.es5/node/base64.js b/lib.es5/node/base64.js index 59776c39..dc78d960 100644 --- a/lib.es5/node/base64.js +++ b/lib.es5/node/base64.js @@ -4,11 +4,17 @@ Object.defineProperty(exports, "__esModule", { value: true }); +exports.isSupported = undefined; exports.encode = encode; -/* global: Buffer */ + +var _bufferFrom = require("buffer-from"); + +var _bufferFrom2 = _interopRequireDefault(_bufferFrom); + +function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } function encode(data) { - return new Buffer(data).toString("base64"); + return (0, _bufferFrom2.default)(String(data)).toString("base64"); } var isSupported = exports.isSupported = true; \ No newline at end of file diff --git a/lib/node/base64.js b/lib/node/base64.js index 30d21414..5003cf20 100644 --- a/lib/node/base64.js +++ b/lib/node/base64.js @@ -1,7 +1,7 @@ -/* global: Buffer */ +import bufferFrom from "buffer-from"; export function encode(data) { - return new Buffer(data).toString("base64"); + return bufferFrom(String(data)).toString("base64"); } export const isSupported = true; diff --git a/package.json b/package.json index 633f9adc..acab73a7 100644 --- a/package.json +++ b/package.json @@ -53,6 +53,7 @@ "watchify": "^3.5.0" }, "dependencies": { + "buffer-from": "^0.1.1", "extend": "^3.0.0", "lodash.throttle": "^4.1.1", "resolve-url": "^0.2.1" diff --git a/test/spec/upload.js b/test/spec/upload.js index a905c034..87d9ceab 100644 --- a/test/spec/upload.js +++ b/test/spec/upload.js @@ -35,7 +35,8 @@ describe("tus", function () { metadata: { foo: "hello", bar: "world", - nonlatin: "słońce" + nonlatin: "słońce", + number: 100 }, withCredentials: true, onProgress: function () {}, @@ -57,7 +58,7 @@ describe("tus", function () { expect(req.requestHeaders["Upload-Length"]).toBe(11); if (isBrowser) expect(req.withCredentials).toBe(true); if (isNode || (isBrowser && "btoa" in window)) { - expect(req.requestHeaders["Upload-Metadata"]).toBe("foo aGVsbG8=,bar d29ybGQ=,nonlatin c8WCb8WEY2U="); + expect(req.requestHeaders["Upload-Metadata"]).toBe("foo aGVsbG8=,bar d29ybGQ=,nonlatin c8WCb8WEY2U=,number MTAw"); } req.respondWith({