merge bitcoin#22087: Validate port-options

kwvg · kwvg · commit 859da121444f · 2025-04-22T15:20:45.000Z
diff --git a/doc/release-notes-6634.md b/doc/release-notes-6634.md
@@ -0,0 +1,4 @@
+Updated settings
+----------------
+
+- Ports specified in `-port` and `-rpcport` options are now validated at startup. Values that previously worked and were considered valid can now result in errors.
diff --git a/src/init.cpp b/src/init.cpp
@@ -1674,6 +1674,65 @@ bool AppInitMain(NodeContext& node, interfaces::BlockAndHeaderTipInfo* tip_info)
         }
     }
 
+    // Check port numbers
+    for (const std::string port_option : {
+        "-port",
+        "-rpcport",
+    }) {
+        if (args.IsArgSet(port_option)) {
+            const std::string port = args.GetArg(port_option, "");
+            uint16_t n;
+            if (!ParseUInt16(port, &n) || n == 0) {
+                return InitError(InvalidPortErrMsg(port_option, port));
+            }
+        }
+    }
+
+    for (const std::string port_option : {
+        "-i2psam",
+        "-onion",
+        "-proxy",
+        "-rpcbind",
+        "-torcontrol",
+        "-whitebind",
+        "-zmqpubhashblock",
+        "-zmqpubhashchainlock",
+        "-zmqpubhashgovernanceobject",
+        "-zmqpubhashgovernancevote",
+        "-zmqpubhashinstantsenddoublespend",
+        "-zmqpubhashrecoveredsig",
+        "-zmqpubhashtx",
+        "-zmqpubhashtxlock",
+        "-zmqpubrawblock",
+        "-zmqpubrawchainlock",
+        "-zmqpubrawchainlocksig",
+        "-zmqpubrawgovernancevote",
+        "-zmqpubrawgovernanceobject",
+        "-zmqpubrawinstantsenddoublespend",
+        "-zmqpubrawrecoveredsig",
+        "-zmqpubrawtx",
+        "-zmqpubrawtxlock",
+        "-zmqpubrawtxlocksig",
+        "-zmqpubsequence",
+    }) {
+        for (const std::string& socket_addr : args.GetArgs(port_option)) {
+            std::string host_out;
+            uint16_t port_out{0};
+            if (!SplitHostPort(socket_addr, port_out, host_out)) {
+                return InitError(InvalidPortErrMsg(port_option, socket_addr));
+            }
+        }
+    }
+
+    for (const std::string& socket_addr : args.GetArgs("-bind")) {
+        std::string host_out;
+        uint16_t port_out{0};
+        std::string bind_socket_addr = socket_addr.substr(0, socket_addr.rfind('='));
+        if (!SplitHostPort(bind_socket_addr, port_out, host_out)) {
+            return InitError(InvalidPortErrMsg("-bind", socket_addr));
+        }
+    }
+
     // sanitize comments per BIP-0014, format user agent and check total size
     std::vector<std::string> uacomments;
 
diff --git a/src/test/netbase_tests.cpp b/src/test/netbase_tests.cpp
@@ -83,12 +83,12 @@ BOOST_AUTO_TEST_CASE(netbase_properties)
 
 }
 
-bool static TestSplitHost(const std::string& test, const std::string& host, uint16_t port)
+bool static TestSplitHost(const std::string& test, const std::string& host, uint16_t port, bool validPort=true)
 {
     std::string hostOut;
     uint16_t portOut{0};
-    SplitHostPort(test, portOut, hostOut);
-    return hostOut == host && port == portOut;
+    bool validPortOut = SplitHostPort(test, portOut, hostOut);
+    return hostOut == host && portOut == port && validPortOut == validPort;
 }
 
 BOOST_AUTO_TEST_CASE(netbase_splithost)
@@ -108,6 +108,23 @@ BOOST_AUTO_TEST_CASE(netbase_splithost)
     BOOST_CHECK(TestSplitHost(":9999", "", 9999));
     BOOST_CHECK(TestSplitHost("[]:9999", "", 9999));
     BOOST_CHECK(TestSplitHost("", "", 0));
+    BOOST_CHECK(TestSplitHost(":65535", "", 65535));
+    BOOST_CHECK(TestSplitHost(":65536", ":65536", 0, false));
+    BOOST_CHECK(TestSplitHost(":-1", ":-1", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:70001", "[]:70001", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:-1", "[]:-1", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:-0", "[]:-0", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:0", "", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:1/2", "[]:1/2", 0, false));
+    BOOST_CHECK(TestSplitHost("[]:1E2", "[]:1E2", 0, false));
+    BOOST_CHECK(TestSplitHost("127.0.0.1:65536", "127.0.0.1:65536", 0, false));
+    BOOST_CHECK(TestSplitHost("127.0.0.1:0", "127.0.0.1", 0, false));
+    BOOST_CHECK(TestSplitHost("127.0.0.1:", "127.0.0.1:", 0, false));
+    BOOST_CHECK(TestSplitHost("127.0.0.1:1/2", "127.0.0.1:1/2", 0, false));
+    BOOST_CHECK(TestSplitHost("127.0.0.1:1E2", "127.0.0.1:1E2", 0, false));
+    BOOST_CHECK(TestSplitHost("www.bitcoincore.org:65536", "www.bitcoincore.org:65536", 0, false));
+    BOOST_CHECK(TestSplitHost("www.bitcoincore.org:0", "www.bitcoincore.org", 0, false));
+    BOOST_CHECK(TestSplitHost("www.bitcoincore.org:", "www.bitcoincore.org:", 0, false));
 }
 
 bool static TestParse(std::string src, std::string canon)
diff --git a/src/util/error.cpp b/src/util/error.cpp
@@ -41,6 +41,11 @@ bilingual_str ResolveErrMsg(const std::string& optname, const std::string& strBi
     return strprintf(_("Cannot resolve -%s address: '%s'"), optname, strBind);
 }
 
+bilingual_str InvalidPortErrMsg(const std::string& optname, const std::string& invalid_value)
+{
+    return strprintf(_("Invalid port specified in %s: '%s'"), optname, invalid_value);
+}
+
 bilingual_str AmountHighWarn(const std::string& optname)
 {
     return strprintf(_("%s is set very high!"), optname);
diff --git a/src/util/error.h b/src/util/error.h
@@ -36,6 +36,8 @@ bilingual_str TransactionErrorString(const TransactionError error);
 
 bilingual_str ResolveErrMsg(const std::string& optname, const std::string& strBind);
 
+bilingual_str InvalidPortErrMsg(const std::string& optname, const std::string& strPort);
+
 bilingual_str AmountHighWarn(const std::string& optname);
 
 bilingual_str AmountErrMsg(const std::string& optname, const std::string& strValue);
diff --git a/src/util/strencodings.cpp b/src/util/strencodings.cpp
@@ -97,8 +97,9 @@ std::vector<Byte> ParseHex(std::string_view str)
 template std::vector<std::byte> ParseHex(std::string_view);
 template std::vector<uint8_t> ParseHex(std::string_view);
 
-void SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)
+bool SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)
 {
+    bool valid = false;
     size_t colon = in.find_last_of(':');
     // if a : is found, and it either follows a [...], or no other : is in the string, treat it as port separator
     bool fHaveColon = colon != in.npos;
@@ -109,13 +110,18 @@ void SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)
         if (ParseUInt16(in.substr(colon + 1), &n)) {
             in = in.substr(0, colon);
             portOut = n;
+            valid = (portOut != 0);
         }
+    } else {
+        valid = true;
     }
     if (in.size() > 0 && in[0] == '[' && in[in.size() - 1] == ']') {
         hostOut = in.substr(1, in.size() - 2);
     } else {
         hostOut = in;
     }
+
+    return valid;
 }
 
 std::string EncodeBase64(Span<const unsigned char> input)
diff --git a/src/util/strencodings.h b/src/util/strencodings.h
@@ -85,7 +85,16 @@ std::string EncodeBase32(Span<const unsigned char> input, bool pad = true);
  */
 std::string EncodeBase32(std::string_view str, bool pad = true);
 
-void SplitHostPort(std::string_view in, uint16_t &portOut, std::string &hostOut);
+/**
+ * Splits socket address string into host string and port value.
+ * Validates port value.
+ *
+ * @param[in] in        The socket address string to split.
+ * @param[out] portOut  Port-portion of the input, if found and parsable.
+ * @param[out] hostOut  Host-portion of the input, if found.
+ * @return              true if port-portion is absent or within its allowed range, otherwise false
+ */
+bool SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut);
 
 // LocaleIndependentAtoi is provided for backwards compatibility reasons.
 //
diff --git a/test/functional/feature_proxy.py b/test/functional/feature_proxy.py
@@ -318,19 +318,34 @@ def networks_dict(d):
 
         self.stop_node(1)
 
-        self.log.info("Test passing invalid -proxy raises expected init error")
-        self.nodes[1].extra_args = ["-proxy=abc:def"]
-        msg = "Error: Invalid -proxy address or hostname: 'abc:def'"
+        self.log.info("Test passing invalid -proxy hostname raises expected init error")
+        self.nodes[1].extra_args = ["-proxy=abc..abc:23456"]
+        msg = "Error: Invalid -proxy address or hostname: 'abc..abc:23456'"
         self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
 
-        self.log.info("Test passing invalid -onion raises expected init error")
-        self.nodes[1].extra_args = ["-onion=xyz:abc"]
-        msg = "Error: Invalid -onion address or hostname: 'xyz:abc'"
+        self.log.info("Test passing invalid -proxy port raises expected init error")
+        self.nodes[1].extra_args = ["-proxy=192.0.0.1:def"]
+        msg = "Error: Invalid port specified in -proxy: '192.0.0.1:def'"
         self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
 
-        self.log.info("Test passing invalid -i2psam raises expected init error")
-        self.nodes[1].extra_args = ["-i2psam=def:xyz"]
-        msg = "Error: Invalid -i2psam address or hostname: 'def:xyz'"
+        self.log.info("Test passing invalid -onion hostname raises expected init error")
+        self.nodes[1].extra_args = ["-onion=xyz..xyz:23456"]
+        msg = "Error: Invalid -onion address or hostname: 'xyz..xyz:23456'"
+        self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
+
+        self.log.info("Test passing invalid -onion port raises expected init error")
+        self.nodes[1].extra_args = ["-onion=192.0.0.1:def"]
+        msg = "Error: Invalid port specified in -onion: '192.0.0.1:def'"
+        self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
+
+        self.log.info("Test passing invalid -i2psam hostname raises expected init error")
+        self.nodes[1].extra_args = ["-i2psam=def..def:23456"]
+        msg = "Error: Invalid -i2psam address or hostname: 'def..def:23456'"
+        self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
+
+        self.log.info("Test passing invalid -i2psam port raises expected init error")
+        self.nodes[1].extra_args = ["-i2psam=192.0.0.1:def"]
+        msg = "Error: Invalid port specified in -i2psam: '192.0.0.1:def'"
         self.nodes[1].assert_start_raises_init_error(expected_msg=msg)
 
         self.log.info("Test passing invalid -onlynet=i2p without -i2psam raises expected init error")

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +Updated settings
 +----------------
++
 +- Ports specified in `-port` and `-rpcport` options are now validated at startup. Values that previously worked and were considered valid can now result in errors.
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,11 @@ bilingual_str ResolveErrMsg(const std::string& optname, const std::string& strBi`
`41`	`41`	`return strprintf(_("Cannot resolve -%s address: '%s'"), optname, strBind);`
`42`	`42`	`}`
`43`	`43`
	`44`	`+bilingual_str InvalidPortErrMsg(const std::string& optname, const std::string& invalid_value)`
	`45`	`+{`
	`46`	`+ return strprintf(_("Invalid port specified in %s: '%s'"), optname, invalid_value);`
	`47`	`+}`
	`48`	`+`
`44`	`49`	`bilingual_str AmountHighWarn(const std::string& optname)`
`45`	`50`	`{`
`46`	`51`	`return strprintf(_("%s is set very high!"), optname);`
Original file line number	Diff line number	Diff line change
`@@ -97,8 +97,9 @@ std::vector<Byte> ParseHex(std::string_view str)`
`97`	`97`	`template std::vector<std::byte> ParseHex(std::string_view);`
`98`	`98`	`template std::vector<uint8_t> ParseHex(std::string_view);`
`99`	`99`
`100`		`-void SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)`
	`100`	`+bool SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)`
`101`	`101`	`{`
	`102`	`+ bool valid = false;`
`102`	`103`	`size_t colon = in.find_last_of(':');`
`103`	`104`	`// if a : is found, and it either follows a [...], or no other : is in the string, treat it as port separator`
`104`	`105`	`bool fHaveColon = colon != in.npos;`
`@@ -109,13 +110,18 @@ void SplitHostPort(std::string_view in, uint16_t& portOut, std::string& hostOut)`
`109`	`110`	`if (ParseUInt16(in.substr(colon + 1), &n)) {`
`110`	`111`	`in = in.substr(0, colon);`
`111`	`112`	`portOut = n;`
	`113`	`+ valid = (portOut != 0);`
`112`	`114`	`}`
	`115`	`+ } else {`
	`116`	`+ valid = true;`
`113`	`117`	`}`
`114`	`118`	`if (in.size() > 0 && in[0] == '[' && in[in.size() - 1] == ']') {`
`115`	`119`	`hostOut = in.substr(1, in.size() - 2);`
`116`	`120`	`} else {`
`117`	`121`	`hostOut = in;`
`118`	`122`	`}`
	`123`	`+`
	`124`	`+ return valid;`
`119`	`125`	`}`
`120`	`126`
`121`	`127`	`std::string EncodeBase64(Span<const unsigned char> input)`