Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 803fbfb

Browse filesBrowse files
tniessendanielleadams
tniessen
authored and
danielleadams
committed
process: fix uid/gid validation to avoid crash
id |= 0 turns unsigned 32-bit integer values exceeding the unsigned 31-bit range into negative integers, causing a crash. Use id >>>= 0 instead, which works properly for all unsigned 32-bit integers. Refs: #36786 PR-URL: #44910 Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Erick Wendel <erick.workspace@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
1 parent 9f2dd48 commit 803fbfb
Copy full SHA for 803fbfb

File tree

Expand file treeCollapse file tree

2 files changed

+8
-12
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+8
-12
lines changed
Open diff view settings
Collapse file

‎lib/internal/bootstrap/switches/does_own_process_state.js‎

Copy file name to clipboardExpand all lines: lib/internal/bootstrap/switches/does_own_process_state.js
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,7 @@ function wrapPosixCredentialSetters(credentials) {
7676
function wrapIdSetter(type, method) {
7777
return function(id) {
7878
validateId(id, 'id');
79-
if (typeof id === 'number') id |= 0;
79+
if (typeof id === 'number') id >>>= 0;
8080
// Result is 0 on success, 1 if credential is unknown.
8181
const result = method(id);
8282
if (result === 1) {
Collapse file

‎test/parallel/test-process-uid-gid.js‎

Copy file name to clipboardExpand all lines: test/parallel/test-process-uid-gid.js
+7-11Lines changed: 7 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -53,17 +53,13 @@ assert.throws(() => {
5353

5454
// Passing -0 shouldn't crash the process
5555
// Refs: https://github.com/nodejs/node/issues/32750
56-
try { process.setuid(-0); } catch {
57-
// Continue regardless of error.
58-
}
59-
try { process.seteuid(-0); } catch {
60-
// Continue regardless of error.
61-
}
62-
try { process.setgid(-0); } catch {
63-
// Continue regardless of error.
64-
}
65-
try { process.setegid(-0); } catch {
66-
// Continue regardless of error.
56+
// And neither should values exceeding 2 ** 31 - 1.
57+
for (const id of [-0, 2 ** 31, 2 ** 32 - 1]) {
58+
for (const fn of [process.setuid, process.setuid, process.setgid, process.setegid]) {
59+
try { fn(id); } catch {
60+
// Continue regardless of error.
61+
}
62+
}
6763
}
6864

6965
// If we're not running as super user...

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.