diff options
author | Tobias Nießen <tniessen@tnie.de> | 2022-08-25 23:32:14 +0300 |
---|---|---|
committer | Juan José Arboleda <soyjuanarbol@gmail.com> | 2022-10-11 22:45:21 +0300 |
commit | c736927b0b57e5a091f73246249bdb3614b1fba7 (patch) | |
tree | e0d60b42ef2b7dce65c8c84470de04a70e8d50a2 /lib | |
parent | 381e11e18e20e7d10ce29c019df28573cc4594fc (diff) |
inspector: prevent integer overflow in open()
PR-URL: https://github.com/nodejs/node/pull/44367
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/inspector.js | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/inspector.js b/lib/inspector.js index 46779a0ec21..dafc4ef4932 100644 --- a/lib/inspector.js +++ b/lib/inspector.js @@ -26,6 +26,8 @@ const EventEmitter = require('events'); const { queueMicrotask } = require('internal/process/task_queues'); const { validateCallback, + isUint32, + validateInt32, validateObject, validateString, } = require('internal/validators'); @@ -167,6 +169,13 @@ function inspectorOpen(port, host, wait) { if (isEnabled()) { throw new ERR_INSPECTOR_ALREADY_ACTIVATED(); } + // inspectorOpen() currently does not typecheck its arguments and adding + // such checks would be a potentially breaking change. However, the native + // open() function requires the port to fit into a 16-bit unsigned integer, + // causing an integer overflow otherwise, so we at least need to prevent that. + if (isUint32(port)) { + validateInt32(port, 'port', 0, 65535); + } open(port, host); if (wait) waitForDebugger(); |