net: validate custom lookup() output

cjihrig · BethGriggs · commit 90abdd3dd464 · 2020-08-20T15:05:23.000+01:00
This commit adds validation to the IP address returned by the net module's custom DNS lookup() function. PR-URL: #34813 Fixes: #34812 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com> Reviewed-By: Ricky Zhou <0x19951125@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
diff --git a/lib/net.js b/lib/net.js
@@ -1051,6 +1051,9 @@ function lookupAndConnect(self, options){
 // calls net.Socket.connect() on it (that's us). There are no event
 // listeners registered yet so defer the error event to the next tick.
 process.nextTick(connectErrorNT, self, err);
+ } else if (!isIP(ip)){
+ err = new ERR_INVALID_IP_ADDRESS(ip);
+ process.nextTick(connectErrorNT, self, err);
 } else if (addressType !== 4 && addressType !== 6){
 err = new ERR_INVALID_ADDRESS_FAMILY(addressType,
 options.host,
diff --git a/test/parallel/test-net-dns-custom-lookup.js b/test/parallel/test-net-dns-custom-lookup.js
@@ -41,3 +41,14 @@ function check(addressType, cb){
 check(4, function(){
 common.hasIPv6 && check(6);
 });
+
+// Verify that bad lookup() IPs are handled.
+{
+ net.connect({
+ host: 'localhost',
+ port: 80,
+ lookup(host, dnsopts, cb){
+ cb(null, undefined, 4);
+ }
+ }).on('error', common.expectsError({code: 'ERR_INVALID_IP_ADDRESS' }));
+}

-Original file line number
+Diff line change
 // calls net.Socket.connect() on it (that's us). There are no event
 // listeners registered yet so defer the error event to the next tick.
 process.nextTick(connectErrorNT,self,err);
 +}elseif(!isIP(ip)){
 +err=newERR_INVALID_IP_ADDRESS(ip);
 +process.nextTick(connectErrorNT,self,err);
 }elseif(addressType!==4&&addressType!==6){
 err=newERR_INVALID_ADDRESS_FAMILY(addressType,
 options.host,