Skip to content

Commit

Permalink
process: fix uid/gid validation to avoid crash
Browse files Browse the repository at this point in the history
id |= 0 turns unsigned 32-bit integer values exceeding the unsigned
31-bit range into negative integers, causing a crash. Use id >>>= 0
instead, which works properly for all unsigned 32-bit integers.

Refs: #36786
PR-URL: #44910
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Erick Wendel <erick.workspace@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
  • Loading branch information
tniessen authored and danielleadams committed Oct 11, 2022
1 parent 9f2dd48 commit 803fbfb
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 12 deletions.
2 changes: 1 addition & 1 deletion lib/internal/bootstrap/switches/does_own_process_state.js
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ function wrapPosixCredentialSetters(credentials) {
function wrapIdSetter(type, method) {
return function(id) {
validateId(id, 'id');
if (typeof id === 'number') id |= 0;
if (typeof id === 'number') id >>>= 0;
// Result is 0 on success, 1 if credential is unknown.
const result = method(id);
if (result === 1) {
Expand Down
18 changes: 7 additions & 11 deletions test/parallel/test-process-uid-gid.js
Original file line number Diff line number Diff line change
Expand Up @@ -53,17 +53,13 @@ assert.throws(() => {

// Passing -0 shouldn't crash the process
// Refs: https://github.com/nodejs/node/issues/32750
try { process.setuid(-0); } catch {
// Continue regardless of error.
}
try { process.seteuid(-0); } catch {
// Continue regardless of error.
}
try { process.setgid(-0); } catch {
// Continue regardless of error.
}
try { process.setegid(-0); } catch {
// Continue regardless of error.
// And neither should values exceeding 2 ** 31 - 1.
for (const id of [-0, 2 ** 31, 2 ** 32 - 1]) {
for (const fn of [process.setuid, process.setuid, process.setgid, process.setegid]) {
try { fn(id); } catch {
// Continue regardless of error.
}
}
}

// If we're not running as super user...
Expand Down

0 comments on commit 803fbfb

Please sign in to comment.