authorTobias Nießen <tniessen@tnie.de>2022-08-25 23:32:14 +0300
committerJuan José Arboleda <soyjuanarbol@gmail.com>2022-10-11 22:45:21 +0300
commitc736927b0b57e5a091f73246249bdb3614b1fba7 (patch)
treee0d60b42ef2b7dce65c8c84470de04a70e8d50a2 /lib
parent381e11e18e20e7d10ce29c019df28573cc4594fc (diff)
inspector: prevent integer overflow in open()
PR-URL: https://github.com/nodejs/node/pull/44367 Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Richard Lau <rlau@redhat.com> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Kohei Ueno <kohei.ueno119@gmail.com>
Diffstat (limited to 'lib')
-rw-r--r--lib/inspector.js9
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/inspector.js b/lib/inspector.js
index 46779a0ec21..dafc4ef4932 100644
--- a/lib/inspector.js
+++ b/lib/inspector.js
@@ -26,6 +26,8 @@ const EventEmitter = require('events');
const { queueMicrotask } = require('internal/process/task_queues');
const {
validateCallback,
+ isUint32,
+ validateInt32,
validateObject,
validateString,
} = require('internal/validators');
@@ -167,6 +169,13 @@ function inspectorOpen(port, host, wait) {
if (isEnabled()) {
throw new ERR_INSPECTOR_ALREADY_ACTIVATED();
}
+ // inspectorOpen() currently does not typecheck its arguments and adding
+ // such checks would be a potentially breaking change. However, the native
+ // open() function requires the port to fit into a 16-bit unsigned integer,
+ // causing an integer overflow otherwise, so we at least need to prevent that.
+ if (isUint32(port)) {
+ validateInt32(port, 'port', 0, 65535);
+ }
open(port, host);
if (wait)
waitForDebugger();
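Review bot: The range check under `if (isUint32(port))` only runs for integers between 0 and 2^32-1, so a negative integer, a value of 2^32 or more, a non-integer number or a numeric string still reaches `open(port, host)` without any check. The added comment explains why full type checks are avoided, but not what the native function does with those inputs, and that is not visible in this hunk. If the native side ignores anything that is not a Uint32, I would state it next to the guard, e.g. `// Non-Uint32 values are left to the native open(), which is expected to ignore them (confirm).` A regression test around the boundary (`65535`, `65536`, `2 ** 32 - 1`, `-1`, `2 ** 32`) would keep the guard and the native behaviour from drifting apart. The body of inspectorOpen starts and continues outside the hunk.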