From 90abdd3dd464d564371a64316a0d650b41ad47fb Mon Sep 17 00:00:00 2001 From: cjihrig Date: Mon, 17 Aug 2020 14:59:58 -0400 Subject: [PATCH] net: validate custom lookup() output MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit adds validation to the IP address returned by the net module's custom DNS lookup() function. PR-URL: https://github.com/nodejs/node/pull/34813 Fixes: https://github.com/nodejs/node/issues/34812 Reviewed-By: Anna Henningsen Reviewed-By: James M Snell Reviewed-By: Richard Lau Reviewed-By: Yongsheng Zhang Reviewed-By: Matteo Collina Reviewed-By: Michaƫl Zasso Reviewed-By: Ricky Zhou <0x19951125@gmail.com> Reviewed-By: Luigi Pinca --- lib/net.js | 3 +++ test/parallel/test-net-dns-custom-lookup.js | 11 +++++++++++ 2 files changed, 14 insertions(+)
diff --git a/lib/net.js b/lib/net.js
index aebe9418b62c85..d06a1e18e556ea 100644
--- a/lib/net.js
+++ b/lib/net.js
@@ -1051,6 +1051,9 @@ function lookupAndConnect(self, options) {
 // calls net.Socket.connect() on it (that's us). There are no event
 // listeners registered yet so defer the error event to the next tick.
 process.nextTick(connectErrorNT, self, err);
+ } else if (!isIP(ip)) {
+ err = new ERR_INVALID_IP_ADDRESS(ip);
+ process.nextTick(connectErrorNT, self, err);
 } else if (addressType !== 4 && addressType !== 6) {
 err = new ERR_INVALID_ADDRESS_FAMILY(addressType,
 options.host,
diff --git a/test/parallel/test-net-dns-custom-lookup.js b/test/parallel/test-net-dns-custom-lookup.js
index c7a01f5fa6faec..a7c05c82b95419 100644
--- a/test/parallel/test-net-dns-custom-lookup.js
+++ b/test/parallel/test-net-dns-custom-lookup.js
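Review bot: The added `!isIP(ip)` branch accepts any value that parses as an IP literal but never compares the family `isIP()` reports (4 or 6) with `addressType`, so a custom lookup() that returns an IPv6 literal together with family 4 passes both this check and the `addressType !== 4 && addressType !== 6` check that follows. Since the resolver callback decides where the socket connects, I would add a further branch after the family check, `} else if (isIP(ip) !== addressType) {`, that defers an error through `process.nextTick(connectErrorNT, self, err)` like the other branches. Whether the connect path already rejects such a mismatch is not visible here, as lookupAndConnect's body starts and ends outside the hunk. The new branch would also benefit from a short comment such as `// A custom lookup() may hand back a non-IP value; fail before connecting.`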
@@ -41,3 +41,14 @@ function check(addressType, cb) {
 check(4, function() {
 common.hasIPv6 && check(6);
 });
+
+// Verify that bad lookup() IPs are handled.
+{
+ net.connect({
+ host: 'localhost',
+ port: 80,
+ lookup(host, dnsopts, cb) {
+ cb(null, undefined, 4);
+ }
+ }).on('error', common.expectsError({ code: 'ERR_INVALID_IP_ADDRESS' }));
+}
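Review bot: The new test block only covers a lookup() that returns `undefined`; a resolver that hands back a string which is not an IP literal (a hostname, an empty string) is the more likely failure and is not exercised. I would run the same `net.connect()` assertion over a small list of bad values, for example `cb(null, 'not-an-ip', 4)` and `cb(null, '', 4)` (constructed samples), so the `ERR_INVALID_IP_ADDRESS` path is pinned for strings as well as for missing values.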