fix: invalid ip address and daemon can be crashed by remote user

Per the nodeJS documentation, a Net socket.remoteAddress value may be undefined if the socket is destroyed, as by a client disconnect. A multiaddr cannot be created for an invalid IP address (such as the undefined remote address of a destroyed socket). Currently the attempt results in a crash that can be triggered remotely. This commit terminates processing of a destroyed socket before multiaddr causes the crash. fixes: libp2p#93 fixes: ipfs/js-ipfs#1447
TomCoded · Jul 23, 2018 · 9370155 · 9370155
1 parent d39ec2d
commit 9370155
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/listener.js b/src/listener.js
@@ -24,6 +24,12 @@ module.exports = (handler) => {
     // Avoid uncaught errors cause by unstable connections
     socket.on('error', noop)
 
+    if (socket.remoteAddress === undefined ||
+      socket.remotePort === undefined) {
+      log('connection closed before p2p connection made')
+      return
+    }
+
     const addr = getMultiaddr(socket)
     log('new connection', addr.toString())