Skip to content

Commit c291faa

Browse files
tniessentniessen
committed
fixup! permission: fix some vulnerabilities in fs
1 parent b2e3d74 commit c291faa

File tree

1 file changed

+17
-8
lines changed

1 file changed

+17
-8
lines changed

src/node_file.cc

Lines changed: 17 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -64,8 +64,11 @@ using v8::HandleScope;
6464
using v8::Int32;
6565
using v8::Integer;
6666
using v8::Isolate;
67+
using v8::JustVoid;
6768
using v8::Local;
69+
using v8::Maybe;
6870
using v8::MaybeLocal;
71+
using v8::Nothing;
6972
using v8::Number;
7073
using v8::Object;
7174
using v8::ObjectTemplate;
@@ -1949,9 +1952,9 @@ static void ReadDir(const FunctionCallbackInfo<Value>& args) {
19491952
}
19501953
}
19511954

1952-
static inline bool CheckOpenPermissions(Environment* env,
1953-
const BufferValue& path,
1954-
int flags) {
1955+
static inline Maybe<void> CheckOpenPermissions(Environment* env,
1956+
const BufferValue& path,
1957+
int flags) {
19551958
// These flags capture the intention of the open() call.
19561959
const int rwflags = flags & (UV_FS_O_RDONLY | UV_FS_O_WRONLY | UV_FS_O_RDWR);
19571960

@@ -1965,13 +1968,19 @@ static inline bool CheckOpenPermissions(Environment* env,
19651968
auto pathView = path.ToStringView();
19661969
if (rwflags != UV_FS_O_WRONLY) {
19671970
THROW_IF_INSUFFICIENT_PERMISSIONS(
1968-
env, permission::PermissionScope::kFileSystemRead, pathView, false);
1971+
env,
1972+
permission::PermissionScope::kFileSystemRead,
1973+
pathView,
1974+
Nothing<void>());
19691975
}
19701976
if (rwflags != UV_FS_O_RDONLY || write_as_side_effect) {
19711977
THROW_IF_INSUFFICIENT_PERMISSIONS(
1972-
env, permission::PermissionScope::kFileSystemWrite, pathView, false);
1978+
env,
1979+
permission::PermissionScope::kFileSystemWrite,
1980+
pathView,
1981+
Nothing<void>());
19731982
}
1974-
return true;
1983+
return JustVoid();
19751984
}
19761985

19771986
static void Open(const FunctionCallbackInfo<Value>& args) {
@@ -1989,7 +1998,7 @@ static void Open(const FunctionCallbackInfo<Value>& args) {
19891998
CHECK(args[2]->IsInt32());
19901999
const int mode = args[2].As<Int32>()->Value();
19912000

1992-
if (!CheckOpenPermissions(env, path, flags)) return;
2001+
if (CheckOpenPermissions(env, path, flags).IsNothing()) return;
19932002

19942003
FSReqBase* req_wrap_async = GetReqWrap(args, 3);
19952004
if (req_wrap_async != nullptr) { // open(path, flags, mode, req)
@@ -2027,7 +2036,7 @@ static void OpenFileHandle(const FunctionCallbackInfo<Value>& args) {
20272036
CHECK(args[2]->IsInt32());
20282037
const int mode = args[2].As<Int32>()->Value();
20292038

2030-
if (!CheckOpenPermissions(env, path, flags)) return;
2039+
if (CheckOpenPermissions(env, path, flags).IsNothing()) return;
20312040

20322041
FSReqBase* req_wrap_async = GetReqWrap(args, 3);
20332042
if (req_wrap_async != nullptr) { // openFileHandle(path, flags, mode, req)

0 commit comments

Comments
 (0)