Skip to content

Commit

Permalink
src: fix IPv4 validation in inspector_socket
Browse files Browse the repository at this point in the history
Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com>

Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com>
PR-URL: nodejs-private/node-private#320
CVE-ID: CVE-2022-32212
  • Loading branch information
tniessen authored and RafaelGSS committed Jun 30, 2022
1 parent 9578158 commit e4af5eb
Show file tree
Hide file tree
Showing 2 changed files with 87 additions and 5 deletions.
18 changes: 13 additions & 5 deletions src/inspector_socket.cc
Original file line number Diff line number Diff line change
Expand Up @@ -164,14 +164,22 @@ static std::string TrimPort(const std::string& host) {
static bool IsIPAddress(const std::string& host) {
if (host.length() >= 4 && host.front() == '[' && host.back() == ']')
return true;
int quads = 0;
uint_fast16_t accum = 0;
uint_fast8_t quads = 0;
bool empty = true;
auto endOctet = [&accum, &quads, &empty](bool final = false) {
return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) &&
(empty = true) && !(accum = 0);
};
for (char c : host) {
if (c == '.')
quads++;
else if (!isdigit(c))
if (isdigit(c)) {
if ((accum = (accum * 10) + (c - '0')) > 0xff) return false;
empty = false;
} else if (c != '.' || !endOctet()) {
return false;
}
}
return quads == 3;
return endOctet(true);
}

// Constants for hybi-10 frame format.
Expand Down
74 changes: 74 additions & 0 deletions test/cctest/test_inspector_socket.cc
Original file line number Diff line number Diff line change
Expand Up @@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedForUPGRADE) {
expect_failure_no_delegate(UPGRADE_REQUEST);
}

TEST_F(InspectorSocketTest, HostIPChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 10.0.2.555:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostNegativeIPChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 10.0.-23.255:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) {
const std::string INVALID_HOST_IP_REQUEST =
"GET /json HTTP/1.1\r\n"
"Host: 127.0.0.4294967296:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) {
const std::string INVALID_HOST_IP_REQUEST =
"GET /json HTTP/1.1\r\n"
"Host: 127.0.0.18446744073709552000:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: .0.0.1:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 127..0.1:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 127.0.0.:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 127.0.1:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) {
const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n"
"Host: 127.0.0.0.1:9229\r\n\r\n";
send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(),
INVALID_HOST_IP_REQUEST.length());
expect_handshake_failure();
}

} // anonymous namespace

0 comments on commit e4af5eb

Please sign in to comment.