From 43057595e2956fb911bbf36196c1b40e3a74991f Mon Sep 17 00:00:00 2001
From: James M Snell <jasnell@gmail.com>
Date: Mon, 4 Jan 2021 12:44:33 -0800
Subject: [PATCH] process: passing -1 to setuid/setgid should not abort
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: https://github.com/nodejs/node/issues/32750
Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/36786
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Harshitha K P <harshitha014@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
---
 lib/internal/bootstrap/switches/does_own_process_state.js | 1 +
 test/parallel/test-process-uid-gid.js                     | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/lib/internal/bootstrap/switches/does_own_process_state.js b/lib/internal/bootstrap/switches/does_own_process_state.js
index 5ee7f079d10124..0d60fb1f4595d1 100644
--- a/lib/internal/bootstrap/switches/does_own_process_state.js
+++ b/lib/internal/bootstrap/switches/does_own_process_state.js
@@ -80,6 +80,7 @@ function wrapPosixCredentialSetters(credentials) {
   function wrapIdSetter(type, method) {
     return function(id) {
       validateId(id, 'id');
+      if (typeof id === 'number') id |= 0;
       // Result is 0 on success, 1 if credential is unknown.
       const result = method(id);
       if (result === 1) {
diff --git a/test/parallel/test-process-uid-gid.js b/test/parallel/test-process-uid-gid.js
index 6ca2e009571ef0..0e170620b7f237 100644
--- a/test/parallel/test-process-uid-gid.js
+++ b/test/parallel/test-process-uid-gid.js
@@ -51,6 +51,13 @@ assert.throws(() => {
   message: 'User identifier does not exist: fhqwhgadshgnsdhjsdbkhsdabkfabkveyb'
 });
 
+// Passing -0 shouldn't crash the process
+// Refs: https://github.com/nodejs/node/issues/32750
+try { process.setuid(-0); } catch {}
+try { process.seteuid(-0); } catch {}
+try { process.setgid(-0); } catch {}
+try { process.setegid(-0); } catch {}
+
 // If we're not running as super user...
 if (process.getuid() !== 0) {
   // Should not throw.
@@ -79,6 +86,7 @@ try {
   }
   process.setgid('nogroup');
 }
+
 const newgid = process.getgid();
 assert.notStrictEqual(newgid, oldgid);