From b9c597a41a9ad7459d124208ea0ee2ca323e71e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?=
Date: Fri, 28 Mar 2014 13:16:33 +0100
Subject: [PATCH] OP-01-003 Suggested Code Enforcement of RandomBuffer (Low). Clearing random number from buffer after usage. buffer variable is still a public.
---
 src/crypto/random.js | 5 ++++-
 test/worker/api.js | 8 ++++----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/crypto/random.js b/src/crypto/random.js
index 1eab0a44..61cca5d6 100644
--- a/src/crypto/random.js
+++ b/src/crypto/random.js
@@ -164,6 +164,7 @@ RandomBuffer.prototype.set = function(buf) {
 if (buf.length > freeSpace) {
 buf = buf.subarray(0, freeSpace);
 }
+ // set buf with offset old size of buffer
 this.buffer.set(buf, this.size);
 this.size += buf.length;
 };
@@ -180,9 +181,11 @@ RandomBuffer.prototype.get = function(buf) {
 throw new Error('Invalid type: buf not an Uint8Array');
 }
 if (this.size < buf.length) {
- throw new Error('Random number buffer depleted.')
+ throw new Error('Random number buffer depleted');
 }
 for (var i = 0; i < buf.length; i++) {
 buf[i] = this.buffer[--this.size];
+ // clear buffer value
+ this.buffer[this.size] = 0;
 }
 };
diff --git a/test/worker/api.js b/test/worker/api.js
index 21a6e3c3..d5063d19 100644
--- a/test/worker/api.js
+++ b/test/worker/api.js
@@ -388,7 +388,7 @@ describe('High level API', function() {
 wProxy.encryptMessage([pubKeyRSA], plaintext, function(err, data) {
 expect(data).to.not.exist;
 expect(err).to.exist;
- expect(err).to.eql(new Error('Random number buffer depleted.'));
+ expect(err).to.eql(new Error('Random number buffer depleted'));
 done();
 });
 });
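Review bot: The new comment `// clear buffer value` in RandomBuffer.prototype.get (hunk `@@ -180,9 +181,11 @@` of src/crypto/random.js) says what the next line does but not why, and the why is what a later maintainer needs before deciding the store looks redundant. I would write `// zero the slot just read so a consumed random byte cannot be read back from this.buffer afterwards`. The doc comment of get(), which starts outside the hunk, should also state that bytes are handed out from the end of the buffer and that each consumed slot is overwritten with 0.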
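Review bot: In hunk `@@ -388,7 +388,7 @@` of test/worker/api.js, `expect(err).to.eql(new Error('Random number buffer depleted'))` may not actually pin the message text. An Error's `message` is a non-enumerable property, and depending on the chai version deep equality on Error objects either ignores it or compares by reference, so this line could have passed with the old string as well. Asserting on the string is unambiguous: `expect(err.message).to.equal('Random number buffer depleted');`. The enclosing test starts outside the hunk, so how err is rebuilt on the worker side is not visible here.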
@@ -538,16 +538,16 @@ describe('Random Buffer', function() {
 expect(randomBuffer.get.bind(randomBuffer, buf)).to.throw('Invalid type: buf not an Uint8Array');
 buf = new Uint8Array(2);
 randomBuffer.get(buf);
- expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
+ expect(equal(randomBuffer.buffer, [1,2,5,0,0])).to.be.true;
 expect(randomBuffer.size).to.equal(3);
 expect(buf).to.to.have.property('0', 8);
 expect(buf).to.to.have.property('1', 7);
- expect(equal(randomBuffer.buffer, [1,2,5,7,8])).to.be.true;
 randomBuffer.get(buf);
 expect(buf).to.to.have.property('0', 5);
 expect(buf).to.to.have.property('1', 2);
+ expect(equal(randomBuffer.buffer, [1,0,0,0,0])).to.be.true;
 expect(randomBuffer.size).to.equal(1);
- expect(function() { randomBuffer.get(buf) }).to.throw('Random number buffer depleted.');
+ expect(function() { randomBuffer.get(buf) }).to.throw('Random number buffer depleted');
 });
 });
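Review bot: The depletion case at the end of this test only checks that get() throws; it does not check that the failed call left the buffer untouched. After the `to.throw` line I would add `expect(randomBuffer.size).to.equal(1);` and `expect(equal(randomBuffer.buffer, [1,0,0,0,0])).to.be.true;`, so that a later change which starts consuming or zeroing bytes before the size check is caught. The test body starts outside the hunk.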