Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
nodejs12.28002
CVE-2022-32212.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2022-32212.patch of Package nodejs12.28002
commit 1aa5036c31ac2a9b2a2528af454675ad412f1464 Author: Tobias Nießen <tniessen@tnie.de> Date: Fri May 27 21:18:49 2022 +0000 src: fix IPv4 validation in inspector_socket Co-authored-by: RafaelGSS <rafael.nunu@hotmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: RafaelGSS <rafael.nunu@hotmail.com> PR-URL: https://github.com/nodejs-private/node-private/pull/320 CVE-ID: CVE-2022-32212 diff --git a/src/inspector_socket.cc b/src/inspector_socket.cc index 1650c3fe01..79b50e6a45 100644 --- a/src/inspector_socket.cc +++ b/src/inspector_socket.cc @@ -164,14 +164,22 @@ static std::string TrimPort(const std::string& host) { static bool IsIPAddress(const std::string& host) { if (host.length() >= 4 && host.front() == '[' && host.back() == ']') return true; - int quads = 0; + uint_fast16_t accum = 0; + uint_fast8_t quads = 0; + bool empty = true; + auto endOctet = [&accum, &quads, &empty](bool final = false) { + return !empty && accum <= 0xff && ++quads <= 4 && final == (quads == 4) && + (empty = true) && !(accum = 0); + }; for (char c : host) { - if (c == '.') - quads++; - else if (!isdigit(c)) + if (isdigit(c)) { + if ((accum = (accum * 10) + (c - '0')) > 0xff) return false; + empty = false; + } else if (c != '.' || !endOctet()) { return false; + } } - return quads == 3; + return endOctet(true); } // Constants for hybi-10 frame format. diff --git a/test/cctest/test_inspector_socket.cc b/test/cctest/test_inspector_socket.cc index dc8cd96214..c740d961d9 100644 --- a/test/cctest/test_inspector_socket.cc +++ b/test/cctest/test_inspector_socket.cc @@ -851,4 +851,78 @@ TEST_F(InspectorSocketTest, HostCheckedForUPGRADE) { expect_failure_no_delegate(UPGRADE_REQUEST); } +TEST_F(InspectorSocketTest, HostIPChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 10.0.2.555:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostNegativeIPChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 10.0.-23.255:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpOctetOutOfIntRangeChecked) { + const std::string INVALID_HOST_IP_REQUEST = + "GET /json HTTP/1.1\r\n" + "Host: 127.0.0.4294967296:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpOctetFarOutOfIntRangeChecked) { + const std::string INVALID_HOST_IP_REQUEST = + "GET /json HTTP/1.1\r\n" + "Host: 127.0.0.18446744073709552000:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpEmptyOctetStartChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: .0.0.1:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpEmptyOctetMidChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 127..0.1:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpEmptyOctetEndChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 127.0.0.:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpTooFewOctetsChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 127.0.1:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + +TEST_F(InspectorSocketTest, HostIpTooManyOctetsChecked) { + const std::string INVALID_HOST_IP_REQUEST = "GET /json HTTP/1.1\r\n" + "Host: 127.0.0.0.1:9229\r\n\r\n"; + send_in_chunks(INVALID_HOST_IP_REQUEST.c_str(), + INVALID_HOST_IP_REQUEST.length()); + expect_handshake_failure(); +} + } // anonymous namespace
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor