From 2b8851c6e12a447b54bde5d0726e7d322f195e05 Mon Sep 17 00:00:00 2001
From: cjihrig
Date: Mon, 17 Aug 2020 14:59:58 -0400
Subject: [PATCH] net: validate custom lookup() output

This commit adds validation to the IP address returned by the net module's custom DNS lookup() function.
---
 lib/net.js | 3 +++
 test/parallel/test-net-dns-custom-lookup.js | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/lib/net.js b/lib/net.js
index 0b32646a43a43e..a2fd8e0deee42b 100644
--- a/lib/net.js
+++ b/lib/net.js
@@ -1039,6 +1039,9 @@ function lookupAndConnect(self, options) {
 // calls net.Socket.connect() on it (that's us). There are no event
 // listeners registered yet so defer the error event to the next tick.
 process.nextTick(connectErrorNT, self, err);
+ } else if (!isIP(ip)) {
+ err = new ERR_INVALID_IP_ADDRESS(ip);
+ process.nextTick(connectErrorNT, self, err);
 } else if (addressType !== 4 && addressType !== 6) {
 err = new ERR_INVALID_ADDRESS_FAMILY(addressType,
 options.host,
diff --git a/test/parallel/test-net-dns-custom-lookup.js b/test/parallel/test-net-dns-custom-lookup.js
index c7a01f5fa6faec..a7c05c82b95419 100644
--- a/test/parallel/test-net-dns-custom-lookup.js
+++ b/test/parallel/test-net-dns-custom-lookup.js
@@ -41,3 +41,14 @@ function check(addressType, cb) {
 check(4, function() {
 common.hasIPv6 && check(6);
 });
+
+// Verify that bad lookup() IPs are handled.
+{
+ net.connect({
+ host: 'localhost',
+ port: 80,
+ lookup(host, dnsopts, cb) {
+ cb(null, undefined, 4);
+ }
+ }).on('error', common.expectsError({ code: 'ERR_INVALID_IP_ADDRESS' }));
+}
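Review bot: The added `!isIP(ip)` branch in lib/net.js checks only that `ip` parses as some IP literal; it does not check that the literal's family agrees with the `addressType` the same callback supplied, and the branch after it only checks that `addressType` is 4 or 6. A custom lookup() that returns an IPv6 string together with family 4 (or the reverse) would pass both checks; how the pair is consumed afterwards is outside this hunk, so the impact is inferred. Since `isIP()` returns the detected family, a further branch such as `} else if (isIP(ip) !== addressType) {` placed after the family check would reject the mismatch. The new branch would also read better with a comment, for example `// lookup() can be user-supplied, so validate its result before connecting.` The body of lookupAndConnect starts and ends outside the hunk.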
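Review bot: The new test block passes only `undefined` as the address, so the string values a custom resolver is more likely to hand back by mistake (a hostname, an empty string) are not exercised. A second case using `cb(null, 'not-an-ip', 4);` with the same `ERR_INVALID_IP_ADDRESS` expectation would pin the check for non-IP strings as well. A short comment stating that no connection to port 80 is expected to be attempted would make the intent of the hard-coded host and port clearer.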