child_process: fix handling of incorrect uid/gid in spawn

lundibundi · addaleax · commit 22789fd6d0a5 · 2018-08-31T19:02:26.000+02:00
uid/gid must be uint32, which is asserted on a c++ side but wasn't checked on a JS side and therefore resulted in a process crash. Refs: #22570 PR-URL: #22574 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Weijia Wang <starkwang@126.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
diff --git a/lib/child_process.js b/lib/child_process.js
@@ -38,7 +38,7 @@ const {
   ERR_INVALID_OPT_VALUE,
   ERR_OUT_OF_RANGE
 } = require('internal/errors').codes;
-const { validateString } = require('internal/validators');
+const { validateString, isInt32 } = require('internal/validators');
 const child_process = require('internal/child_process');
 const {
   _validateStdio,
@@ -426,13 +426,13 @@ function normalizeSpawnArguments(file, args, options) {
   }
 
   // Validate the uid, if present.
-  if (options.uid != null && !Number.isInteger(options.uid)) {
-    throw new ERR_INVALID_ARG_TYPE('options.uid', 'integer', options.uid);
+  if (options.uid != null && !isInt32(options.uid)) {
+    throw new ERR_INVALID_ARG_TYPE('options.uid', 'int32', options.uid);
   }
 
   // Validate the gid, if present.
-  if (options.gid != null && !Number.isInteger(options.gid)) {
-    throw new ERR_INVALID_ARG_TYPE('options.gid', 'integer', options.gid);
+  if (options.gid != null && !isInt32(options.gid)) {
+    throw new ERR_INVALID_ARG_TYPE('options.gid', 'int32', options.gid);
   }
 
   // Validate the shell, if present.
diff --git a/test/parallel/test-child-process-spawn-typeerror.js b/test/parallel/test-child-process-spawn-typeerror.js
@@ -33,7 +33,7 @@ const invalidArgValueError =
   common.expectsError({ code: 'ERR_INVALID_ARG_VALUE', type: TypeError }, 14);
 
 const invalidArgTypeError =
-  common.expectsError({ code: 'ERR_INVALID_ARG_TYPE', type: TypeError }, 10);
+  common.expectsError({ code: 'ERR_INVALID_ARG_TYPE', type: TypeError }, 12);
 
 assert.throws(function() {
   const child = spawn(invalidcmd, 'this is not an array');
@@ -76,6 +76,14 @@ assert.throws(function() {
   spawn(cmd, [], 1);
 }, invalidArgTypeError);
 
+assert.throws(function() {
+  spawn(cmd, [], { uid: 2 ** 63 });
+}, invalidArgTypeError);
+
+assert.throws(function() {
+  spawn(cmd, [], { gid: 2 ** 63 });
+}, invalidArgTypeError);
+
 // Argument types for combinatorics.
 const a = [];
 const o = {};
