process: passing -1 to setuid/setgid should not abort

Fixes: #32750 Signed-off-by: James M Snell <[email protected]> PR-URL: #36786 Reviewed-By: Antoine du Hamel <[email protected]> Reviewed-By: Michaël Zasso <[email protected]> Reviewed-By: Harshitha K P <[email protected]> Reviewed-By: Anto Aravinth <[email protected]>
nodejs · May 1, 2021 · 4305759 · 4305759
1 parent f605bc0
commit 4305759
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/lib/internal/bootstrap/switches/does_own_process_state.js b/lib/internal/bootstrap/switches/does_own_process_state.js
@@ -80,6 +80,7 @@ function wrapPosixCredentialSetters(credentials) {
   function wrapIdSetter(type, method) {
     return function(id) {
       validateId(id, 'id');
+      if (typeof id === 'number') id |= 0;
       // Result is 0 on success, 1 if credential is unknown.
       const result = method(id);
       if (result === 1) {

diff --git a/test/parallel/test-process-uid-gid.js b/test/parallel/test-process-uid-gid.js
@@ -51,6 +51,13 @@ assert.throws(() => {
   message: 'User identifier does not exist: fhqwhgadshgnsdhjsdbkhsdabkfabkveyb'
 });
 
+// Passing -0 shouldn't crash the process
+// Refs: https://github.com/nodejs/node/issues/32750
+try { process.setuid(-0); } catch {}
+try { process.seteuid(-0); } catch {}
+try { process.setgid(-0); } catch {}
+try { process.setegid(-0); } catch {}
+
 // If we're not running as super user...
 if (process.getuid() !== 0) {
   // Should not throw.
@@ -79,6 +86,7 @@ try {
   }
   process.setgid('nogroup');
 }
+
 const newgid = process.getgid();
 assert.notStrictEqual(newgid, oldgid);