buffer: random-fill Buffer(num) and new Buffer(num)

jasnell · jasnell · commit 5bbbb282be63 · 2017-03-21T09:30:04.000-07:00
Selects a random byte and fills Buffer(num) and new Buffer(num)
automatically using the randomly selected value.

Why random-fill vs. zero-fill?

Prior to this commit, the uninitialized Buffer allocation
would be potentially filled with non-zeroed data. By filling
with a randomly selected value, we eliminate the possibility
of leaking uninitialized data but we preserve the need for
users to completely over-write the Buffer contents in order
for it to be useful. Zero-filling by default would
*potentially* put users at risk if module developers assume
that the Buffer instance will always be zero-filled (which
will not be the case on older versions of Node.js).

The cost, however, is that filling with a randomly selected
value is a bit less performant than zero-filling on allocation.

Note that Buffer.allocUnsafe() and Buffer.alloc() are *not*
affected by this change. Buffer.allocUnsafe() will returns
a Buffer with uninitialized data and Buffer.alloc() returns
*zero-filled* data.
diff --git a/lib/buffer.js b/lib/buffer.js
@@ -22,11 +22,14 @@
 'use strict';
 
 const binding = process.binding('buffer');
+const config = process.binding('config');
 const { compare: compare_, compareOffset } = binding;
 const { isArrayBuffer, isSharedArrayBuffer, isUint8Array } =
     process.binding('util');
 const bindingObj = {};
 const internalUtil = require('internal/util');
+const zeroFillBuffers = !!config.zeroFillBuffers;
+const randomFill = zeroFillBuffers ? 0 : Math.floor(Math.random() * 256);
 
 class FastBuffer extends Uint8Array {
   constructor(arg1, arg2, arg3) {
@@ -102,7 +105,7 @@ function Buffer(arg, encodingOrOffset, length) {
         'If encoding is specified then the first argument must be a string'
       );
     }
-    return Buffer.allocUnsafe(arg);
+    return Buffer.allocUnsafe(arg).fill(randomFill);
   }
   return Buffer.from(arg, encodingOrOffset, length);
 }
diff --git a/src/node_config.cc b/src/node_config.cc
@@ -1,4 +1,5 @@
 #include "node.h"
+#include "node_buffer.h"
 #include "node_i18n.h"
 #include "env.h"
 #include "env-inl.h"
@@ -49,6 +50,9 @@ void InitConfig(Local<Object> target,
   if (config_preserve_symlinks)
     READONLY_BOOLEAN_PROPERTY("preserveSymlinks");
 
+  if (zero_fill_all_buffers)
+    READONLY_BOOLEAN_PROPERTY("zeroFillBuffers");
+
   if (!config_warning_file.empty()) {
     Local<String> name = OneByteString(env->isolate(), "warningFile");
     Local<String> value = String::NewFromUtf8(env->isolate(),
