dgram: fix assertion on bad send() arguments

Add range checks for the offset, length and port arguments to
dgram.Socket#send().  Fixes the following assertion:

    node: ../../src/udp_wrap.cc:264: static v8::Handle<v8::Value>
    node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion
    `offset < Buffer::Length(buffer_obj)' failed.

And:

    node: ../../src/udp_wrap.cc:265: static v8::Handle<v8::Value>
    node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion
    `length <= Buffer::Length(buffer_obj) - offset' failed.

Interestingly enough, a negative port number was accepted until now but
silently ignored.  (In other words, it would send the datagram to a
random port.)

This commit exposed a bug in the simple/test-dgram-close test which
has also been fixed.

This is a back-port of commit 41ec6d0 from the master branch.

Fixes #6025.

1 files changed, 16 insertions, 2 deletions

diff --git a/lib/dgram.js b/lib/dgram.js
index 05997810e6..379bba9e53 100644
--- a/lib/dgram.js
+++ b/lib/dgram.js
@@ -244,11 +244,25 @@ Socket.prototype.send = function(buffer,
   if (!Buffer.isBuffer(buffer))
     throw new TypeError('First argument must be a buffer object.');
 
+  offset = offset | 0;
+  if (offset < 0)
+    throw new RangeError('Offset should be >= 0');
+
   if (offset >= buffer.length)
-    throw new Error('Offset into buffer too large');
+    throw new RangeError('Offset into buffer too large');
+
+  // Sending a zero-length datagram is kind of pointless but it _is_
+  // allowed, hence check that length >= 0 rather than > 0.
+  length = length | 0;
+  if (length < 0)
+    throw new RangeError('Length should be >= 0');
 
   if (offset + length > buffer.length)
-    throw new Error('Offset + length beyond buffer length');
+    throw new RangeError('Offset + length beyond buffer length');
+
+  port = port | 0;
+  if (port <= 0 || port > 65535)
+    throw new RangeError('Port should be > 0 and < 65536');
 
   callback = callback || noop;