fix: disallow PORT connections to alternate hosts

Ensure the data socket that the server connects to from the PORT command is the same IP as the current command socket. * fix: add error handling to additional connection commands
QuorumDMS · Aug 17, 2020 · fb32b01 · fb32b01
1 parent 66fc66e
commit fb32b01
Show file tree

Hide file tree

Showing 10 changed files with 60 additions and 19 deletions.
diff --git a/src/commands/registration/eprt.js b/src/commands/registration/eprt.js
@@ -8,14 +8,18 @@ const FAMILY = {
 
 module.exports = {
   directive: 'EPRT',
-  handler: function ({command} = {}) {
+  handler: function ({log, command} = {}) {
     const [, protocol, ip, port] = _.chain(command).get('arg', '').split('|').value();
     const family = FAMILY[protocol];
     if (!family) return this.reply(504, 'Unknown network protocol');
 
     this.connector = new ActiveConnector(this);
     return this.connector.setupConnection(ip, port, family)
-    .then(() => this.reply(200));
+    .then(() => this.reply(200))
+    .catch((err) => {
+      log.error(err);
+      return this.reply(err.code || 425, err.message);
+    });
   },
   syntax: '{{cmd}} |<protocol>|<address>|<port>|',
   description: 'Specifies an address and port to which the server should connect'

diff --git a/src/commands/registration/epsv.js b/src/commands/registration/epsv.js
@@ -2,13 +2,17 @@ const PassiveConnector = require('../../connector/passive');
 
 module.exports = {
   directive: 'EPSV',
-  handler: function () {
+  handler: function ({log}) {
     this.connector = new PassiveConnector(this);
     return this.connector.setupServer()
     .then(server => {
       const {port} = server.address();
 
       return this.reply(229, `EPSV OK (|||${port}|)`);
+    })
+    .catch((err) => {
+      log.error(err);
+      return this.reply(err.code || 425, err.message);
     });
   },
   syntax: '{{cmd}} [<protocol>]',

diff --git a/src/commands/registration/pasv.js b/src/commands/registration/pasv.js
@@ -13,6 +13,10 @@ module.exports = {
       const portByte2 = port % 256;
 
       return this.reply(227, `PASV OK (${host},${portByte1},${portByte2})`);
+    })
+    .catch((err) => {
+      log.error(err);
+      return this.reply(err.code || 425, err.message);
     });
   },
   syntax: '{{cmd}}',

diff --git a/src/commands/registration/port.js b/src/commands/registration/port.js
@@ -14,7 +14,11 @@ module.exports = {
     const port = portBytes[0] * 256 + portBytes[1];
 
     return this.connector.setupConnection(ip, port)
-    .then(() => this.reply(200));
+    .then(() => this.reply(200))
+    .catch((err) => {
+      log.error(err);
+      return this.reply(err.code || 425, err.message);
+    });
   },
   syntax: '{{cmd}} <x>,<x>,<x>,<x>,<y>,<y>',
   description: 'Specifies an address and port to which the server should connect'

diff --git a/src/connector/active.js b/src/connector/active.js
@@ -1,7 +1,9 @@
 const {Socket} = require('net');
 const tls = require('tls');
+const ip = require('ip');
 const Promise = require('bluebird');
 const Connector = require('./base');
+const {SocketError} = require('../errors');
 
 class Active extends Connector {
   constructor(connection) {
@@ -27,6 +29,10 @@ class Active extends Connector {
 
     return closeExistingServer()
     .then(() => {
+      if (!ip.isEqual(this.connection.commandSocket.remoteAddress, host)) {
+        throw new SocketError('The given address is not yours', 500);
+      }
+
       this.dataSocket = new Socket();
       this.dataSocket.setEncoding(this.connection.transferType);
       this.dataSocket.on('error', err => this.server && this.server.emit('client-error', {connection: this.connection, context: 'dataSocket', error: err}));

diff --git a/src/connector/base.js b/src/connector/base.js
@@ -28,7 +28,7 @@ class Connector {
 
   end() {
     const closeDataSocket = new Promise(resolve => {
-      if (this.dataSocket) this.dataSocket.end();
+      if (this.dataSocket) this.dataSocket.end(() => socket && socket.destroy());
       else resolve();
     });
     const closeDataServer = new Promise(resolve => {

diff --git a/test/commands/registration/eprt.spec.js b/test/commands/registration/eprt.spec.js
@@ -23,7 +23,7 @@ describe(CMD, function () {
   });
 
   it('// unsuccessful | no argument', () => {
-    return cmdFn()
+    return cmdFn({})
     .then(() => {
       expect(mockClient.reply.args[0][0]).to.equal(504);
     });

diff --git a/test/commands/registration/epsv.spec.js b/test/commands/registration/epsv.spec.js
@@ -25,7 +25,7 @@ describe(CMD, function () {
   });
 
   it('// successful IPv4', () => {
-    return cmdFn()
+    return cmdFn({})
     .then(() => {
       const [code, message] = mockClient.reply.args[0];
       expect(code).to.equal(229);

diff --git a/test/commands/registration/opts.spec.js b/test/commands/registration/opts.spec.js
@@ -29,7 +29,7 @@ describe(CMD, function () {
   it('BAD // unsuccessful', () => {
     return cmdFn({command: {arg: 'BAD', directive: CMD}})
     .then(() => {
-      expect(mockClient.reply.args[0][0]).to.equal(500);
+      expect(mockClient.reply.args[0][0]).to.equal(501);
     });
   });
 

diff --git a/test/connector/active.spec.js b/test/connector/active.spec.js
@@ -1,6 +1,7 @@
 /* eslint no-unused-expressions: 0 */
 const {expect} = require('chai');
 const sinon = require('sinon');
+const Promise = require('bluebird');
 
 const net = require('net');
 const tls = require('tls');
@@ -11,15 +12,17 @@ const findPort = require('../../src/helpers/find-port');
 describe('Connector - Active //', function () {
   let PORT;
   let active;
-  let mockConnection = {};
+  let mockConnection = {
+    commandSocket: {
+      remoteAddress: '::ffff:127.0.0.1'
+    }
+  };
   let sandbox;
   let server;
 
-  before(() => {
+  beforeEach((done) => {
     active = new ActiveConnector(mockConnection);
-  });
-  beforeEach(done => {
-    sandbox = sinon.sandbox.create();
+    sandbox = sinon.sandbox.create().usingPromise(Promise);
 
     findPort()
     .then(port => {
@@ -29,9 +32,11 @@ describe('Connector - Active //', function () {
       .listen(PORT, () => done());
     });
   });
-  afterEach(done => {
+
+  afterEach(() => {
     sandbox.restore();
-    server.close(done);
+    server.close();
+    active.end();
   });
 
   it('sets up a connection', function () {
@@ -41,13 +46,27 @@ describe('Connector - Active //', function () {
     });
   });
 
-  it('destroys existing connection, then sets up a connection', function () {
-    const destroyFnSpy = sandbox.spy(active.dataSocket, 'destroy');
+  it('rejects alternative host', function () {
+    return active.setupConnection('123.45.67.89', PORT)
+    .catch((err) => {
+      expect(err.code).to.equal(500);
+      expect(err.message).to.equal('The given address is not yours');
+    })
+    .finally(() => {
+      expect(active.dataSocket).not.to.exist;
+    });
+  });
 
+  it('destroys existing connection, then sets up a connection', function () {
     return active.setupConnection('127.0.0.1', PORT)
     .then(() => {
-      expect(destroyFnSpy.callCount).to.equal(1);
-      expect(active.dataSocket).to.exist;
+      const destroyFnSpy = sandbox.spy(active.dataSocket, 'destroy');
+
+      return active.setupConnection('127.0.0.1', PORT)
+      .then(() => {
+        expect(destroyFnSpy.callCount).to.equal(1);
+        expect(active.dataSocket).to.exist;
+      });
     });
   });