Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Node js internal assertion error in socket #50841

Closed
CCDi opened this issue Nov 21, 2023 · 5 comments · Fixed by #51826
Closed

Node js internal assertion error in socket #50841

CCDi opened this issue Nov 21, 2023 · 5 comments · Fixed by #51826
Labels
net Issues and PRs related to the net subsystem.

Comments

@CCDi
Copy link

CCDi commented Nov 21, 2023

Version

v21.2.0

Platform

Darwin 22.6.0 Darwin Kernel Version 22.6.0:; RELEASE_ARM64_T6020 arm64

Subsystem

socket

What steps will reproduce the bug?

In a js file, copy and paste

const express = require('express');
const request = require('request');
const ssrfFilter = require('ssrf-req-filter');

const app = express();
const port = 3000;

app.get('/put/url/data/filter/:domain', (req, res) => {
    var url = `http://${req.params["domain"]}`;

    var results = request({
        uri: url,
        agent: ssrfFilter(url)
    }, function (error, response, body) {
        console.error('error:', error);
        console.log('statusCode:', response && response.statusCode);
    });

    return results.body;
});

app.listen(port, () => console.log("Example"));

In terminal (1), run node <name of file>.

In terminal (2), make a request to the application by starting python with:

import requests
requests.get("http://127.0.0.1:3000/put/url/data/filter/10.0.0.2.nip.io")

How often does it reproduce? Is there a required condition?

Every time

What is the expected behavior? Why is that the expected behavior?

The expected behavior is that an error that is not an ERR_INTERNAL_ASSERTION is thrown (the error Call to address is blocked in https://github.com/y-mehta/ssrf-req-filter/blob/e45da7cd5f1ede17b0237dcd7daa83a85e07afd6/lib/index.js#L38C7-L38C13 is thrown)

I suspect this is caused by assert(self.connecting)

What do you see instead?

node:internal/assert:14
throw new ERR_INTERNAL_ASSERTION(message);
^

Error [ERR_INTERNAL_ASSERTION]: This is caused by either a bug in Node.js or incorrect usage of Node.js internals.
Please open an issue with this stack trace at https://github.com/nodejs/node/issues

at assert (node:internal/assert:14:11)
at internalConnect (node:net:1037:3)
at defaultTriggerAsyncIdScope (node:internal/async_hooks:464:18)
at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1481:9)
at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:130:8) {

code: 'ERR_INTERNAL_ASSERTION'
}

Additional information

No response

@CCDi CCDi changed the title Node js internal assertion error Node js internal assertion error in socket Nov 21, 2023
@tniessen
Copy link
Member

Possibly related to #44731. cc @ShogunPanda

@tniessen tniessen added the net Issues and PRs related to the net subsystem. label Nov 21, 2023
@ShogunPanda
Copy link
Contributor

@tniessen I'm not sure this time. As you can see, there are no internalConnectMultiple calls or similar in the stack trace (which are usually a sign of the network family auto selection bug.

@theanarkh
Copy link
Contributor

The lookup event here causes the socket to close. The crash occurred later when the connection was initiated.

@theanarkh
Copy link
Contributor

As a workaround. I think you can run your app with --no-network-family-autoselection(node --no-network-family-autoselection xxx.js)
or

request({
  autoSelectFamily: false, // autoSelectFamily is not a standard parameter but it will be passed to net.connect
},

@ShogunPanda
Copy link
Contributor

ShogunPanda commented Feb 22, 2024

@theanarkh Looking at the original repo, there is no internalConnectMultiple call involved. Why do you say the problem is there?

Nevermind, I just saw the PR.

nodejs-github-bot pushed a commit that referenced this issue Feb 27, 2024
PR-URL: #51826
Fixes: #50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
marco-ippolito pushed a commit that referenced this issue Feb 29, 2024
PR-URL: #51826
Fixes: #50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
marco-ippolito pushed a commit that referenced this issue Feb 29, 2024
PR-URL: #51826
Fixes: #50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
richardlau pushed a commit that referenced this issue Mar 25, 2024
PR-URL: #51826
Fixes: #50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
richardlau pushed a commit that referenced this issue Mar 25, 2024
PR-URL: #51826
Fixes: #50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
rdw-msft pushed a commit to rdw-msft/node that referenced this issue Mar 26, 2024
PR-URL: nodejs#51826
Fixes: nodejs#50841
Reviewed-By: Paolo Insogna <paolo@cowtech.it>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
net Issues and PRs related to the net subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants