fixup! permission: fix some vulnerabilities in fs

nodejs · Mar 15, 2023 · c291faa · c291faa
1 parent b2e3d74
commit c291faa
Showing 1 changed file with 17 additions and 8 deletions.
diff --git a/src/node_file.cc b/src/node_file.cc
@@ -64,8 +64,11 @@ using v8::HandleScope;
 using v8::Int32;
 using v8::Integer;
 using v8::Isolate;
+using v8::JustVoid;
 using v8::Local;
+using v8::Maybe;
 using v8::MaybeLocal;
+using v8::Nothing;
 using v8::Number;
 using v8::Object;
 using v8::ObjectTemplate;
@@ -1949,9 +1952,9 @@ static void ReadDir(const FunctionCallbackInfo<Value>& args) {
   }
 }
 
-static inline bool CheckOpenPermissions(Environment* env,
-                                        const BufferValue& path,
-                                        int flags) {
+static inline Maybe<void> CheckOpenPermissions(Environment* env,
+                                               const BufferValue& path,
+                                               int flags) {
   // These flags capture the intention of the open() call.
   const int rwflags = flags & (UV_FS_O_RDONLY | UV_FS_O_WRONLY | UV_FS_O_RDWR);
 
@@ -1965,13 +1968,19 @@ static inline bool CheckOpenPermissions(Environment* env,
   auto pathView = path.ToStringView();
   if (rwflags != UV_FS_O_WRONLY) {
     THROW_IF_INSUFFICIENT_PERMISSIONS(
-        env, permission::PermissionScope::kFileSystemRead, pathView, false);
+        env,
+        permission::PermissionScope::kFileSystemRead,
+        pathView,
+        Nothing<void>());
   }
   if (rwflags != UV_FS_O_RDONLY || write_as_side_effect) {
     THROW_IF_INSUFFICIENT_PERMISSIONS(
-        env, permission::PermissionScope::kFileSystemWrite, pathView, false);
+        env,
+        permission::PermissionScope::kFileSystemWrite,
+        pathView,
+        Nothing<void>());
   }
-  return true;
+  return JustVoid();
 }
 
 static void Open(const FunctionCallbackInfo<Value>& args) {
@@ -1989,7 +1998,7 @@ static void Open(const FunctionCallbackInfo<Value>& args) {
   CHECK(args[2]->IsInt32());
   const int mode = args[2].As<Int32>()->Value();
 
-  if (!CheckOpenPermissions(env, path, flags)) return;
+  if (CheckOpenPermissions(env, path, flags).IsNothing()) return;
 
   FSReqBase* req_wrap_async = GetReqWrap(args, 3);
   if (req_wrap_async != nullptr) {  // open(path, flags, mode, req)
@@ -2027,7 +2036,7 @@ static void OpenFileHandle(const FunctionCallbackInfo<Value>& args) {
   CHECK(args[2]->IsInt32());
   const int mode = args[2].As<Int32>()->Value();
 
-  if (!CheckOpenPermissions(env, path, flags)) return;
+  if (CheckOpenPermissions(env, path, flags).IsNothing()) return;
 
   FSReqBase* req_wrap_async = GetReqWrap(args, 3);
   if (req_wrap_async != nullptr) {  // openFileHandle(path, flags, mode, req)