diff --git a/lib/inspector.js b/lib/inspector.js index 5ffb2d9d6658e0..b0ab2b8517451c 100644 --- a/lib/inspector.js +++ b/lib/inspector.js @@ -25,7 +25,9 @@ if (!hasInspector) const EventEmitter = require('events'); const { queueMicrotask } = require('internal/process/task_queues'); const { + isUint32, validateFunction, + validateInt32, validateObject, validateString, } = require('internal/validators'); @@ -168,6 +170,13 @@ function inspectorOpen(port, host, wait) { if (isEnabled()) { throw new ERR_INSPECTOR_ALREADY_ACTIVATED(); } + // inspectorOpen() currently does not typecheck its arguments and adding + // such checks would be a potentially breaking change. However, the native + // open() function requires the port to fit into a 16-bit unsigned integer, + // causing an integer overflow otherwise, so we at least need to prevent that. + if (isUint32(port)) { + validateInt32(port, 'port', 0, 65535); + } open(port, host); if (wait) waitForDebugger(); diff --git a/src/inspector_js_api.cc b/src/inspector_js_api.cc index dd05a5b9c3ffd0..4d675da4719aa1 100644 --- a/src/inspector_js_api.cc +++ b/src/inspector_js_api.cc @@ -281,6 +281,7 @@ void Open(const FunctionCallbackInfo& args) { if (args.Length() > 0 && args[0]->IsUint32()) { uint32_t port = args[0].As()->Value(); + CHECK_LE(port, std::numeric_limits::max()); ExclusiveAccess::Scoped host_port(agent->host_port()); host_port->set_port(static_cast(port)); } diff --git a/test/parallel/test-inspector-open-port-integer-overflow.js b/test/parallel/test-inspector-open-port-integer-overflow.js new file mode 100644 index 00000000000000..0f9a4799d0642a --- /dev/null +++ b/test/parallel/test-inspector-open-port-integer-overflow.js @@ -0,0 +1,17 @@ +'use strict'; + +// Regression test for an integer overflow in inspector.open() when the port +// exceeds the range of an unsigned 16-bit integer. + +const common = require('../common'); +common.skipIfInspectorDisabled(); +common.skipIfWorker(); + +const assert = require('assert'); +const inspector = require('inspector'); + +assert.throws(() => inspector.open(99999), { + name: 'RangeError', + code: 'ERR_OUT_OF_RANGE', + message: 'The value of "port" is out of range. It must be >= 0 && <= 65535. Received 99999' +});