child_process: fix handling of incorrect uid/gid in spawn

uid/gid must be uint32, which is asserted on a c++ side but wasn't checked on a JS side and therefore resulted in a process crash. Refs: #22570 PR-URL: #22574 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Weijia Wang <starkwang@126.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
nodejs · Sep 3, 2018 · 180bb0b · 180bb0b
1 parent 041c779
commit 180bb0b
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/lib/child_process.js b/lib/child_process.js
@@ -37,7 +37,7 @@ const {
   ERR_INVALID_OPT_VALUE,
   ERR_OUT_OF_RANGE
 } = require('internal/errors').codes;
-const { validateString } = require('internal/validators');
+const { validateString, isInt32 } = require('internal/validators');
 const child_process = require('internal/child_process');
 const {
   _validateStdio,
@@ -425,13 +425,13 @@ function normalizeSpawnArguments(file, args, options) {
   }
 
   // Validate the uid, if present.
-  if (options.uid != null && !Number.isInteger(options.uid)) {
-    throw new ERR_INVALID_ARG_TYPE('options.uid', 'integer', options.uid);
+  if (options.uid != null && !isInt32(options.uid)) {
+    throw new ERR_INVALID_ARG_TYPE('options.uid', 'int32', options.uid);
   }
 
   // Validate the gid, if present.
-  if (options.gid != null && !Number.isInteger(options.gid)) {
-    throw new ERR_INVALID_ARG_TYPE('options.gid', 'integer', options.gid);
+  if (options.gid != null && !isInt32(options.gid)) {
+    throw new ERR_INVALID_ARG_TYPE('options.gid', 'int32', options.gid);
   }
 
   // Validate the shell, if present.

diff --git a/test/parallel/test-child-process-spawn-typeerror.js b/test/parallel/test-child-process-spawn-typeerror.js
@@ -33,7 +33,7 @@ const invalidArgValueError =
   common.expectsError({ code: 'ERR_INVALID_ARG_VALUE', type: TypeError }, 14);
 
 const invalidArgTypeError =
-  common.expectsError({ code: 'ERR_INVALID_ARG_TYPE', type: TypeError }, 10);
+  common.expectsError({ code: 'ERR_INVALID_ARG_TYPE', type: TypeError }, 12);
 
 assert.throws(function() {
   const child = spawn(invalidcmd, 'this is not an array');
@@ -76,6 +76,14 @@ assert.throws(function() {
   spawn(cmd, [], 1);
 }, invalidArgTypeError);
 
+assert.throws(function() {
+  spawn(cmd, [], { uid: 2 ** 63 });
+}, invalidArgTypeError);
+
+assert.throws(function() {
+  spawn(cmd, [], { gid: 2 ** 63 });
+}, invalidArgTypeError);
+
 // Argument types for combinatorics.
 const a = [];
 const o = {};