net: validate fds passed to Socket constructor

This commit validates the file descriptor passed to the TTY
wrap's guessHandleType() function. Prior to this commit, a bad
file descriptor would trigger an abort in the binding layer.

PR-URL: #21429
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Minwoo Jung <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Santiago Gimeno <[email protected]>
Reviewed-By: Ruben Bridgewater <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Trivikram Kamat <[email protected]>

Author: cjihrig

lib/net.js

@@ -75,7 +75,7 @@ const {
   ERR_SOCKET_BAD_PORT,
   ERR_SOCKET_CLOSED
 } = errors.codes;
-
+const { validateInt32 } = require('internal/validators');
 const kLastWriteQueueSize = Symbol('lastWriteQueueSize');
 
 // Lazy loaded to improve startup performance.
@@ -93,6 +93,7 @@ const {
 function noop() {}
 
 function createHandle(fd, is_server) {
+  validateInt32(fd, 'fd', 0);
   const type = TTYWrap.guessHandleType(fd);
   if (type === 'PIPE') {
     return new Pipe(

test/parallel/test-net-socket-constructor.js

@@ -4,6 +4,14 @@ const common = require('../common');
 const assert = require('assert');
 const net = require('net');
 
+common.expectsError(() => {
+  new net.Socket({ fd: -1 });
+}, { code: 'ERR_OUT_OF_RANGE' });
+
+common.expectsError(() => {
+  new net.Socket({ fd: 'foo' });
+}, { code: 'ERR_INVALID_ARG_TYPE' });
+
 function test(sock, readable, writable) {
   let socket;
   if (sock instanceof net.Socket) {