Skip to content

Commit

Permalink
net: Validate port in createServer().listen()
Browse files Browse the repository at this point in the history
Make sure we validate the port number in all kinds of `listen()` calls.

Fixes: #5727
PR-URL: #5732
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
  • Loading branch information
dirceu authored and jasnell committed Apr 26, 2016
1 parent 451f4fc commit c32c889
Show file tree
Hide file tree
Showing 5 changed files with 39 additions and 20 deletions.
8 changes: 7 additions & 1 deletion lib/internal/net.js
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
'use strict';

module.exports = { isLegalPort };
module.exports = { isLegalPort, assertPort };

// Check that the port number is not NaN when coerced to a number,
// is an integer and that it falls within the legal range of port numbers.
Expand All @@ -10,3 +10,9 @@ function isLegalPort(port) {
return false;
return +port === (+port >>> 0) && port <= 0xFFFF;
}


function assertPort(port) {
if (typeof port !== 'undefined' && !isLegalPort(port))
throw new RangeError('"port" argument must be >= 0 and < 65536');
}
7 changes: 4 additions & 3 deletions lib/net.js
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ var cluster;
const errnoException = util._errnoException;
const exceptionWithHostPort = util._exceptionWithHostPort;
const isLegalPort = internalNet.isLegalPort;
const assertPort = internalNet.assertPort;

function noop() {}

Expand Down Expand Up @@ -1352,9 +1353,7 @@ Server.prototype.listen = function() {
(typeof h.port === 'undefined' && 'port' in h)) {
// Undefined is interpreted as zero (random port) for consistency
// with net.connect().
if (typeof h.port !== 'undefined' && !isLegalPort(h.port))
throw new RangeError('"port" option should be >= 0 and < 65536: ' +
h.port);
assertPort(h.port);
if (h.host)
listenAfterLookup(h.port | 0, h.host, backlog, h.exclusive);
else
Expand All @@ -1375,10 +1374,12 @@ Server.prototype.listen = function() {
typeof arguments[1] === 'function' ||
typeof arguments[1] === 'number') {
// The first argument is the port, no IP given.
assertPort(port);
listen(self, null, port, 4, backlog);

} else {
// The first argument is the port, the second an IP.
assertPort(port);
listenAfterLookup(port, arguments[1], backlog);
}

Expand Down
2 changes: 1 addition & 1 deletion test/parallel/test-net-listen-port-option.js
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ net.Server().listen({ port: '' + common.PORT }, close);
].forEach(function(port) {
assert.throws(function() {
net.Server().listen({ port: port }, assert.fail);
}, /"port" option should be >= 0 and < 65536/i);
}, /"port" argument must be >= 0 and < 65536/i);
});

[null, true, false].forEach(function(port) {
Expand Down
27 changes: 27 additions & 0 deletions test/parallel/test-regress-GH-5727.js
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
'use strict';
const common = require('../common');
const assert = require('assert');
const net = require('net');

const invalidPort = -1 >>> 0;
const errorMessage = /"port" argument must be \>= 0 and \< 65536/;

net.Server().listen(common.PORT, function() {
assert.equal(this._connectionKey, '6::::' + common.PORT);
this.close();
});

// The first argument is a configuration object
assert.throws(() => {
net.Server().listen({ port: invalidPort }, common.fail);
}, errorMessage);

// The first argument is the port, no IP given.
assert.throws(() => {
net.Server().listen(invalidPort, common.fail);
}, errorMessage);

// The first argument is the port, the second an IP.
assert.throws(() => {
net.Server().listen(invalidPort, '0.0.0.0', common.fail);
}, errorMessage);
15 changes: 0 additions & 15 deletions test/sequential/test-net-server-address.js
Original file line number Diff line number Diff line change
Expand Up @@ -87,18 +87,3 @@ server3.listen(0, function() {
assert.strictEqual(address.family, family_ipv6);
server3.close();
});

// Test without hostname, but with port -1
var server4 = net.createServer();

server4.on('error', function(e) {
console.log('Error on ip socket: ' + e.toString());
});

// Specify -1 as port number
server4.listen(-1, function() {
var address = server4.address();
assert.strictEqual(address.address, anycast_ipv6);
assert.strictEqual(address.family, family_ipv6);
server4.close();
});

0 comments on commit c32c889

Please sign in to comment.