Skip to content

Commit

Permalink
inspector: prevent integer overflow in open()
Browse files Browse the repository at this point in the history
PR-URL: #44367
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Kohei Ueno <[email protected]>
  • Loading branch information
tniessen authored and juanarbol committed Oct 10, 2022
1 parent f0f4d37 commit 8452964
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 0 deletions.
9 changes: 9 additions & 0 deletions lib/inspector.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,8 @@ const EventEmitter = require('events');
const { queueMicrotask } = require('internal/process/task_queues');
const {
validateCallback,
isUint32,
validateInt32,
validateObject,
validateString,
} = require('internal/validators');
Expand Down Expand Up @@ -167,6 +169,13 @@ function inspectorOpen(port, host, wait) {
if (isEnabled()) {
throw new ERR_INSPECTOR_ALREADY_ACTIVATED();
}
// inspectorOpen() currently does not typecheck its arguments and adding
// such checks would be a potentially breaking change. However, the native
// open() function requires the port to fit into a 16-bit unsigned integer,
// causing an integer overflow otherwise, so we at least need to prevent that.
if (isUint32(port)) {
validateInt32(port, 'port', 0, 65535);
}
open(port, host);
if (wait)
waitForDebugger();
Expand Down
1 change: 1 addition & 0 deletions src/inspector_js_api.cc
Original file line number Diff line number Diff line change
Expand Up @@ -281,6 +281,7 @@ void Open(const FunctionCallbackInfo<Value>& args) {

if (args.Length() > 0 && args[0]->IsUint32()) {
uint32_t port = args[0].As<Uint32>()->Value();
CHECK_LE(port, std::numeric_limits<uint16_t>::max());
ExclusiveAccess<HostPort>::Scoped host_port(agent->host_port());
host_port->set_port(static_cast<int>(port));
}
Expand Down
17 changes: 17 additions & 0 deletions test/parallel/test-inspector-open-port-integer-overflow.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
'use strict';

// Regression test for an integer overflow in inspector.open() when the port
// exceeds the range of an unsigned 16-bit integer.

const common = require('../common');
common.skipIfInspectorDisabled();
common.skipIfWorker();

const assert = require('assert');
const inspector = require('inspector');

assert.throws(() => inspector.open(99999), {
name: 'RangeError',
code: 'ERR_OUT_OF_RANGE',
message: 'The value of "port" is out of range. It must be >= 0 && <= 65535. Received 99999'
});

0 comments on commit 8452964

Please sign in to comment.