- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 33.5k
child_process: Add nullptr checks after allocations #6256
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
        
          
                src/process_wrap.cc
              
                Outdated
          
        
      There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this logic is entirely correct (but neither is the existing logic.)  People sometimes pass e.g. { uid: -2 } but this check would reject that.
(Also, there's a narrowing conversion two lines up when sizeof(int32_t) > sizeof(uv_uid_t).  That's mostly academical, though.)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
People sometimes pass e.g.
{ uid: -2 }but this check would reject that.
This check would reject that iff uv_uid_t is unsigned, which is kind of the point here… or am I missing something?
And yes, that the conversion is narrowing is intentional – the goal is to see whether the value is still the “same” after converting to uv_uid_t.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
uv_uid_t is unsigned on most platforms (all supported platforms, actually) but e.g. on OS X, the entry for user nobody looks like this:
$ grep nobody /etc/passwd 
nobody:*:-2:-2:Unprivileged User:/var/empty:/usr/bin/false
Passing that works (or should work) because signed-to-unsigned conversion of -2 is UINT_MAX-1 (and has well-defined behavior; the other way around is implementation-defined behavior.)
I remember we've had to rework similar uid/gid checks because they broke working code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@bnoordhuis Okay, I’m removing these changes then. Thanks for the explanation!
071f697    to
    4daebc1      
    Compare
  
    | LGTM.  Commit log nit:  | 
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes.
4daebc1    to
    1cf6bf7      
    Compare
  
    | LGTM | 
| @addaleax ... this one too? ;-) | 
| Sure. 😄 Landed in 29ca969. :) | 
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
| Thanks! :-) | 
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: nodejs#6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Add `CHECK_NE(·, nullptr)` after allocations made when spawning child processes. PR-URL: #6256 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Colin Ihrig <[email protected]>
Checklist
Affected core subsystem(s)
child_process
Description of change
Make sure that the out-of-range tests for setting the uid/gid work whenuid_t/gid_tare unsigned types (e.g. Linux) and the supplied value is negative, to the degree to which that is possible.