
net: throw if socket path contains null bytes

Guard against null byte injection attacks in the socket path.

See #4294.
1 parent a9a06ad commit 49a71131013301ae07f0fb227a9b448d038f191f @bnoordhuis committed Nov 25, 2012
Showing with 46 additions and 0 deletions.
  1. +8 −0 lib/net.js
  2. +38 −0 test/simple/test-net-null-bytes.js
@@ -41,6 +41,12 @@ function createTCP() {
return new TCP();
}
+function nullBytesCheck(path) {
+ if (('' + path).indexOf('\u0000') !== -1) {
+ throw new Error('Path must be a string without null bytes.');
+ }
+}
+
/* Bit flags for socket._flags */
var FLAG_GOT_EOF = 1 << 0;
@@ -96,6 +102,7 @@ function normalizeConnectArgs(args) {
} else if (isPipeName(args[0])) {
// connect(path, [cb]);
options.path = args[0];
+ nullBytesCheck(options.path);
} else {
// connect(port, [host], [cb])
options.port = args[0];
@@ -996,6 +1003,7 @@ Server.prototype.listen = function() {
} else if (isPipeName(arguments[0])) {
// UNIX socket or Windows pipe.
var pipeName = self._pipeName = arguments[0];
+ nullBytesCheck(pipeName);
listen(self, pipeName, -1, -1, backlog);
} else if (typeof arguments[1] == 'undefined' ||
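Review bot: The new `nullBytesCheck(options.path)` in normalizeConnectArgs runs only inside the `isPipeName(args[0])` branch, so a caller that supplies the path through an options object — `net.connect({path: '/bad\u0000path'})`, handled by the branch just above this hunk — would reach the binding with the null byte intact if that branch copies `args[0]` into `options` as it appears to. Applying the guard once after the branch chain has populated `options`, as `nullBytesCheck(options.path);`, covers both spellings; the helper stringifies its argument, so an undefined path yields `'undefined'` and passes harmlessly. Both normalizeConnectArgs and Server.prototype.listen continue beyond the hunks shown here, so the exact placement has to be confirmed against the full functions.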
@@ -0,0 +1,38 @@
+// Copyright Joyent, Inc. and other Node contributors.
+//
+// Permission is hereby granted, free of charge, to any person obtaining a
+// copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to permit
+// persons to whom the Software is furnished to do so, subject to the
+// following conditions:
+//
+// The above copyright notice and this permission notice shall be included
+// in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
+// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
+// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
+// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
+// USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+var common = require('../common');
+var assert = require('assert');
+var net = require('net');
+
+var expected = /Path must be a string without null bytes./;
+
+assert.throws(function() {
+ net.connect('/bad\u0000path', assert.fail);
+}, expected);
+
+assert.throws(function() {
+ net.createConnection('/bad\u0000path', assert.fail);
+}, expected);
+
+assert.throws(function() {
+ net.createServer(assert.fail).listen('/bad\u0000path', assert.fail);
+}, expected);
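Review bot: The `expected` pattern on the `var expected` line leaves the trailing `.` unescaped, so it matches any character instead of the literal period; `var expected = /Path must be a string without null bytes\./;` pins the message exactly. The three assertions cover only the string-argument forms of connect, createConnection and listen; the options-object form `net.connect({path: '/bad\u0000path'}, assert.fail)` is not asserted, so a bypass through that route would go unnoticed by this test. Adding that fourth `assert.throws` case would make the guard's coverage explicit.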
