From 97858349526ca4c6fdba96d3c07a1e7fc3ec0b83 Mon Sep 17 00:00:00 2001 From: jazelly Date: Wed, 21 Aug 2024 22:02:36 +0930 Subject: [PATCH] net: validate host name for server listen Fixes: https://github.com/nodejs/node/issues/54441 Co-authored-by: Luigi Pinca --- lib/net.js | 5 +++++ test/parallel/test-net-server-listen-options.js | 8 ++++++++ 2 files changed, 13 insertions(+) diff --git a/lib/net.js b/lib/net.js index 4de6f9c5f6f23a..8a8f87319ac2a5 100644 --- a/lib/net.js +++ b/lib/net.js @@ -35,6 +35,7 @@ const { NumberParseInt, ObjectDefineProperty, ObjectSetPrototypeOf, + RegExpPrototypeExec, Symbol, SymbolAsyncDispose, SymbolDispose, @@ -2019,6 +2020,10 @@ Server.prototype.listen = function(...args) { toNumber(args.length > 2 && args[2]); // (port, host, backlog) options = options._handle || options.handle || options; + if (typeof options.host === 'string' && RegExpPrototypeExec(/^[a-zA-Z0-9-:%.]+$/, options.host) === null) { + throw new ERR_INVALID_ARG_VALUE('host', options.host); + } + const flags = getFlags(options.ipv6Only); // Refresh the id to make the previous call invalid this._listeningId++; diff --git a/test/parallel/test-net-server-listen-options.js b/test/parallel/test-net-server-listen-options.js index 7e306af8ab082f..c27a1913f958db 100644 --- a/test/parallel/test-net-server-listen-options.js +++ b/test/parallel/test-net-server-listen-options.js @@ -66,6 +66,13 @@ const listenOnPort = [ name: 'TypeError', message: /^The argument 'options' must have the property "port" or "path"\. Received .+$/, }); + } else if (typeof options.host === 'string' && !options.host.match(/^[a-zA-Z0-9-:%.]+$/)) { + assert.throws(fn, + { + code: 'ERR_INVALID_ARG_VALUE', + name: 'TypeError', + message: /^The argument 'host' is invalid\. Received .+$/, + }); } else { assert.throws(fn, { @@ -91,4 +98,5 @@ const listenOnPort = [ shouldFailToListen({ host: 'localhost:3000' }); shouldFailToListen({ host: { port: 3000 } }); shouldFailToListen({ exclusive: true }); + shouldFailToListen({ host: '[::]', port: 3000 }); }