lib: reject string "0" in validatePort when allowZero is false

The allowZero guard compared the raw value with `port === 0`, but
validatePort accepts strings and coerces them with `+port` in every
other clause. Since `'0' === 0` is false, string forms of zero
('0', ' 0 ', '00', '0x0', ...) slipped past the guard when
allowZero was false, while the numeric 0 was correctly rejected.

This is reachable via dgram's send(), connect(), and bind(), which
call validatePort(port, 'Port', false): passing '0' was silently
accepted instead of throwing ERR_SOCKET_BAD_PORT.

Coerce the value with `+port` so the zero check matches the rest of
the validation.

Signed-off-by: Daijiro Wachi <daijiro.wachi@gmail.com>

Author: watilde

lib/internal/validators.js

@@ -438,7 +438,7 @@ const validatePort = hideStackFrames((port, name = 'Port', allowZero = true) =>
       (typeof port === 'string' && StringPrototypeTrim(port).length === 0) ||
       +port !== (+port >>> 0) ||
       port > 0xFFFF ||
-      (port === 0 && !allowZero)) {
+      (+port === 0 && !allowZero)) {
     throw new ERR_SOCKET_BAD_PORT(name, port, allowZero);
   }
   return port | 0;

test/parallel/test-internal-validators-validateport.js

@@ -21,3 +21,17 @@ for (let n = 0; n <= 0xFFFF; n++) {
 ].forEach((i) => assert.throws(() => validatePort(i), {
   code: 'ERR_SOCKET_BAD_PORT'
 }));
+
+// When allowZero is false, every form of zero must be rejected, including
+// the string forms that coerce to 0. Refs: the zero check must coerce the
+// value the same way the rest of the validation does (`+port`).
+[
+  0, '0', ' 0 ', '00', '0x0', '0o0', '0b0',
+].forEach((i) => assert.throws(() => validatePort(i, 'Port', false), {
+  code: 'ERR_SOCKET_BAD_PORT'
+}));
+
+// With allowZero left at its default (true), those same values are accepted.
+[
+  0, '0', ' 0 ', '00', '0x0', '0o0', '0b0',
+].forEach((i) => assert.strictEqual(validatePort(i), 0));