From 0c2960ef4ab83f0eef2fc60c2575403c33ba4c6b Mon Sep 17 00:00:00 2001
From: Ben Noordhuis
Date: Fri, 9 Aug 2013 02:33:40 +0200
Subject: [PATCH] dgram: fix assertion on bad send() arguments
Add range checks for the offset, length and port arguments to dgram.Socket#send(). Fixes the following assertion: node: ../../src/udp_wrap.cc:264: static v8::Handle node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion `offset < Buffer::Length(buffer_obj)' failed. And: node: ../../src/udp_wrap.cc:265: static v8::Handle node::UDPWrap::DoSend(const v8::Arguments&, int): Assertion `length <= Buffer::Length(buffer_obj) - offset' failed. Interestingly enough, a negative port number was accepted until now but silently ignored. (In other words, it would send the datagram to a random port.) This commit exposed a bug in the simple/test-dgram-close test which has also been fixed. This is a back-port of commit 41ec6d0 from the master branch. Fixes #6025.
---
 lib/dgram.js | 18 ++++++++-
 test/simple/test-dgram-close.js | 3 +-
 test/simple/test-dgram-send-bad-arguments.js | 40 ++++++++++++++++++++
 3 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 test/simple/test-dgram-send-bad-arguments.js
diff --git a/lib/dgram.js b/lib/dgram.js
index 05997810e60792..379bba9e530985 100644
--- a/lib/dgram.js
+++ b/lib/dgram.js
@@ -244,11 +244,25 @@ Socket.prototype.send = function(buffer,
 if (!Buffer.isBuffer(buffer))
 throw new TypeError('First argument must be a buffer object.');
+ offset = offset | 0;
+ if (offset < 0)
+ throw new RangeError('Offset should be >= 0');
+
 if (offset >= buffer.length)
- throw new Error('Offset into buffer too large');
+ throw new RangeError('Offset into buffer too large');
+
+ // Sending a zero-length datagram is kind of pointless but it _is_
+ // allowed, hence check that length >= 0 rather than > 0.
+ length = length | 0;
+ if (length < 0)
+ throw new RangeError('Length should be >= 0');
 if (offset + length > buffer.length)
- throw new Error('Offset + length beyond buffer length');
+ throw new RangeError('Offset + length beyond buffer length');
+
+ port = port | 0;
+ if (port <= 0 || port > 65535)
+ throw new RangeError('Port should be > 0 and < 65536');
 callback = callback || noop;
diff --git a/test/simple/test-dgram-close.js b/test/simple/test-dgram-close.js
index 58d7aa786c920b..90ba05a2ca13ef 100644
--- a/test/simple/test-dgram-close.js
+++ b/test/simple/test-dgram-close.js
@@ -30,6 +30,5 @@ var buf = new Buffer(1024);
 buf.fill(42);
 var socket = dgram.createSocket('udp4');
-
-socket.send(buf, 0, buf.length, common.port, 'localhost');
+socket.send(buf, 0, buf.length, common.PORT, 'localhost');
 socket.close();
diff --git a/test/simple/test-dgram-send-bad-arguments.js b/test/simple/test-dgram-send-bad-arguments.js
new file mode 100644
index 00000000000000..a9a12d4581530f
--- /dev/null
+++ b/test/simple/test-dgram-send-bad-arguments.js
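Review bot: In lib/dgram.js the new range checks run after `offset | 0`, `length | 0` and `port | 0`, and that coercion wraps to a signed 32-bit integer, so an out-of-range value can land inside the accepted range instead of being rejected: a port of 4294967376 becomes 80 and an offset of 4294967297 becomes 1 (constructed examples). Non-numeric input is likewise turned into 0, which passes the offset and length checks silently. Testing the raw value before coercing closes the gap, e.g. `if (!(port > 0 && port < 65536)) throw new RangeError('Port should be > 0 and < 65536');` placed ahead of `port = port | 0;`, with the same pattern for offset and length. Socket.prototype.send starts before this hunk and continues after it, so later uses of these arguments are not visible here.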
@@ -0,0 +1,40 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+var dgram = require('dgram');
+
+var buf = Buffer('test');
+var host = '127.0.0.1';
+var sock = dgram.createSocket('udp4');
+
+assert.throws(function() {
+ sock.send();
+}, TypeError); // First argument should be a buffer.
+
+assert.throws(function() { sock.send(buf, -1, 1, 1, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 1, -1, 1, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 1, 1, -1, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 5, 1, 1, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 1, 5, 1, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 1, 1, 0, host); }, RangeError);
+assert.throws(function() { sock.send(buf, 1, 1, 65536, host); }, RangeError);
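Review bot: The offset and length cases use 5 against a 4-byte buffer, so nothing pins the exact boundaries that the new comparisons in lib/dgram.js are written around. Adding `assert.throws(function() { sock.send(buf, 4, 1, 1, host); }, RangeError);` (offset equal to the buffer length) and `assert.throws(function() { sock.send(buf, 1, 4, 1, host); }, RangeError);` (offset + length one past the end) would catch an off-by-one regression in either check. The file also has no comment stating what it guards against; a line such as `// Bad offset, length and port arguments must throw instead of tripping the assertions in udp_wrap.cc.` above the first assert.throws would make that explicit.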