Skip to content

Commit

Permalink
net: validate host name for server listen
Browse files Browse the repository at this point in the history
Fixes: nodejs#54441

Co-authored-by: Luigi Pinca <[email protected]>
  • Loading branch information
jazelly and lpinca committed Aug 21, 2024
1 parent 9e83853 commit 9785834
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/net.js
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@ const {
NumberParseInt,
ObjectDefineProperty,
ObjectSetPrototypeOf,
RegExpPrototypeExec,
Symbol,
SymbolAsyncDispose,
SymbolDispose,
Expand Down Expand Up @@ -2019,6 +2020,10 @@ Server.prototype.listen = function(...args) {
toNumber(args.length > 2 && args[2]); // (port, host, backlog)

options = options._handle || options.handle || options;
if (typeof options.host === 'string' && RegExpPrototypeExec(/^[a-zA-Z0-9-:%.]+$/, options.host) === null) {
throw new ERR_INVALID_ARG_VALUE('host', options.host);
}

const flags = getFlags(options.ipv6Only);
// Refresh the id to make the previous call invalid
this._listeningId++;
Expand Down
8 changes: 8 additions & 0 deletions test/parallel/test-net-server-listen-options.js
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,13 @@ const listenOnPort = [
name: 'TypeError',
message: /^The argument 'options' must have the property "port" or "path"\. Received .+$/,
});
} else if (typeof options.host === 'string' && !options.host.match(/^[a-zA-Z0-9-:%.]+$/)) {
assert.throws(fn,
{
code: 'ERR_INVALID_ARG_VALUE',
name: 'TypeError',
message: /^The argument 'host' is invalid\. Received .+$/,
});
} else {
assert.throws(fn,
{
Expand All @@ -91,4 +98,5 @@ const listenOnPort = [
shouldFailToListen({ host: 'localhost:3000' });
shouldFailToListen({ host: { port: 3000 } });
shouldFailToListen({ exclusive: true });
shouldFailToListen({ host: '[::]', port: 3000 });
}

0 comments on commit 9785834

Please sign in to comment.