jiangcuo/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-05-07 23:17:19 +00:00
Code Issues Actions 12 Packages Projects Releases Wiki Activity
e35e893d26
node/lib/internal/bootstrap/switches/does_own_process_state.js
Tobias Nießen 997334c949
process: fix uid/gid validation to avoid crash 
id |= 0 turns unsigned 32-bit integer values exceeding the unsigned
31-bit range into negative integers, causing a crash. Use id >>>= 0
instead, which works properly for all unsigned 32-bit integers.

Refs: https://github.com/nodejs/node/pull/36786
PR-URL: https://github.com/nodejs/node/pull/44910
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Erick Wendel <erick.workspace@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
2022-10-10 01:12:15 +00:00

129 lines
3.3 KiB
JavaScript
Raw Blame History

'use strict';
const credentials = internalBinding('credentials');
const rawMethods = internalBinding('process_methods');
process.abort = rawMethods.abort;
process.umask = wrappedUmask;
process.chdir = wrappedChdir;
process.cwd = wrappedCwd;
if (credentials.implementsPosixCredentials) {
const wrapped = wrapPosixCredentialSetters(credentials);
process.initgroups = wrapped.initgroups;
process.setgroups = wrapped.setgroups;
process.setegid = wrapped.setegid;
process.seteuid = wrapped.seteuid;
process.setgid = wrapped.setgid;
process.setuid = wrapped.setuid;
}
// ---- keep the attachment of the wrappers above so that it's easier to ----
// ---- compare the setups side-by-side -----
const {
parseFileMode,
validateArray,
validateString
} = require('internal/validators');
function wrapPosixCredentialSetters(credentials) {
const {
codes: {
ERR_INVALID_ARG_TYPE,
ERR_UNKNOWN_CREDENTIAL
}
} = require('internal/errors');
const {
validateUint32
} = require('internal/validators');
const {
initgroups: _initgroups,
setgroups: _setgroups,
setegid: _setegid,
seteuid: _seteuid,
setgid: _setgid,
setuid: _setuid
} = credentials;
function initgroups(user, extraGroup) {
validateId(user, 'user');
validateId(extraGroup, 'extraGroup');
// Result is 0 on success, 1 if user is unknown, 2 if group is unknown.
const result = _initgroups(user, extraGroup);
if (result === 1) {
throw new ERR_UNKNOWN_CREDENTIAL('User', user);
} else if (result === 2) {
throw new ERR_UNKNOWN_CREDENTIAL('Group', extraGroup);
}
}
function setgroups(groups) {
validateArray(groups, 'groups');
for (let i = 0; i < groups.length; i++) {
validateId(groups[i], `groups[${i}]`);
}
// Result is 0 on success. A positive integer indicates that the
// corresponding group was not found.
const result = _setgroups(groups);
if (result > 0) {
throw new ERR_UNKNOWN_CREDENTIAL('Group', groups[result - 1]);
}
}
function wrapIdSetter(type, method) {
return function(id) {
validateId(id, 'id');
if (typeof id === 'number') id >>>= 0;
// Result is 0 on success, 1 if credential is unknown.
const result = method(id);
if (result === 1) {
throw new ERR_UNKNOWN_CREDENTIAL(type, id);
}
};
}
function validateId(id, name) {
if (typeof id === 'number') {
validateUint32(id, name);
} else if (typeof id !== 'string') {
throw new ERR_INVALID_ARG_TYPE(name, ['number', 'string'], id);
}
}
return {
initgroups,
setgroups,
setegid: wrapIdSetter('Group', _setegid),
seteuid: wrapIdSetter('User', _seteuid),
setgid: wrapIdSetter('Group', _setgid),
setuid: wrapIdSetter('User', _setuid)
};
}
// Cache the working directory to prevent lots of lookups. If the working
// directory is changed by `chdir`, it'll be updated.
let cachedCwd = '';
function wrappedChdir(directory) {
validateString(directory, 'directory');
rawMethods.chdir(directory);
// Mark cache that it requires an update.
cachedCwd = '';
}
function wrappedUmask(mask) {
if (mask !== undefined) {
mask = parseFileMode(mask, 'mask');
}
return rawMethods.umask(mask);
}
function wrappedCwd() {
if (cachedCwd === '')
cachedCwd = rawMethods.cwd();
return cachedCwd;
}
Reference in New Issue View Git Blame Copy Permalink