Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
net: validate fds passed to Socket constructor
This commit validates the file descriptor passed to the TTY
wrap's guessHandleType() function. Prior to this commit, a bad
file descriptor would trigger an abort in the binding layer.

PR-URL: #21429
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
  • Loading branch information
cjihrig committed Jun 22, 2018
commit d9e95d8982ee5b409b36f09c77feccbb1040095c
3 changes: 2 additions & 1 deletion lib/net.js
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ const {
ERR_SOCKET_BAD_PORT,
ERR_SOCKET_CLOSED
} = errors.codes;

const { validateInt32 } = require('internal/validators');
const kLastWriteQueueSize = Symbol('lastWriteQueueSize');

// Lazy loaded to improve startup performance.
Expand All @@ -93,6 +93,7 @@ const {
function noop() {}

function createHandle(fd, is_server) {
validateInt32(fd, 'fd', 0);
const type = TTYWrap.guessHandleType(fd);
if (type === 'PIPE') {
return new Pipe(
Expand Down
8 changes: 8 additions & 0 deletions test/parallel/test-net-socket-constructor.js
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,14 @@ const common = require('../common');
const assert = require('assert');
const net = require('net');

common.expectsError(() => {
new net.Socket({ fd: -1 });
}, { code: 'ERR_OUT_OF_RANGE' });
Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe add a test where fd is non-numeric?


common.expectsError(() => {
new net.Socket({ fd: 'foo' });
}, { code: 'ERR_INVALID_ARG_TYPE' });

function test(sock, readable, writable) {
let socket;
if (sock instanceof net.Socket) {
Expand Down