Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

url: disallow invalid IPv4 in IPv6 parser #12315

Closed
wants to merge 1 commit into from

Conversation

@watilde
Copy link
Member

commented Apr 10, 2017

Fixes: #10655.

Checklist
  • make -j4 test
  • tests are included
Affected core subsystem(s)

url

@watilde

This comment has been minimized.

src/node_url.cc Outdated
while (ch != kEOL) {
value = 0xffffffff;
if (numbers_seen > 0) {
if (ch == '.' && 4 > numbers_seen) {

This comment has been minimized.

Copy link
@addaleax

addaleax Apr 10, 2017

Member

Maybe numbers_seen < 4 is a bit more intuitive than 4 > numbers_seen?

This comment has been minimized.

Copy link
@watilde

watilde Apr 10, 2017

Author Member

Sure thing. I've updated it :)

@watilde watilde force-pushed the watilde:feature/ipv4-in-ipv6 branch Apr 10, 2017

@TimothyGu TimothyGu self-requested a review Apr 11, 2017

src/node_url.cc Outdated
pointer++;
ch = pointer < end ? pointer[0] : kEOL;
if (value > 255)
goto end;

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Apr 11, 2017

Member

Why did you move this?

This comment has been minimized.

Copy link
@watilde

watilde Apr 11, 2017

Author Member

Oh, I was just reading the spec from the top to the bottom. The order comes from it, but yeah it's better to not touch for the performance. I will update it :)

src/node_url.cc Outdated
ch = pointer < end ? pointer[0] : kEOL;
}
if (dots == 3 && ch != kEOL)
if (ch == kEOL && numbers_seen != 4)

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Apr 11, 2017

Member

This is covered by the if (numbers_seen > 0) { check at the start of the loop, isn't it?

This comment has been minimized.

Copy link
@watilde

watilde Apr 11, 2017

Author Member

I think it could happen if the numbers_seen is increased in the loop in the loop that the top loop can't detect: https://github.com/watilde/node/blob/521926ae2f502759c5fc752c82a2661a3dbf419e/src/node_url.cc#L179

This comment has been minimized.

Copy link
@bnoordhuis

bnoordhuis Apr 11, 2017

Member

I think I see what you mean but in that case it can be moved to right after the loop, right? And the ch == kEOL clause can be dropped because that's implied by while (ch != kEOL).

This comment has been minimized.

Copy link
@watilde

watilde Apr 12, 2017

Author Member

Oh you're right! I just got what you meant of right after the loop. I will update and let's wait for the spec update at whatwg/url#292. Thanks :)

This comment has been minimized.

Copy link
@watilde

watilde Apr 14, 2017

Author Member

The spec was updated at whatwg/url#292.

@rmisev rmisev referenced this pull request Apr 12, 2017

@watilde watilde force-pushed the watilde:feature/ipv4-in-ipv6 branch to a5786ac Apr 12, 2017

@refack refack force-pushed the nodejs:master branch to fbe946b Apr 14, 2017

@watilde

This comment has been minimized.

Copy link
Member Author

commented Apr 14, 2017

@watilde

This comment has been minimized.

Copy link
Member Author

commented Apr 14, 2017

Landed in 1b99d8f. Thanks!

@watilde watilde closed this Apr 14, 2017

@watilde watilde deleted the watilde:feature/ipv4-in-ipv6 branch Apr 14, 2017

watilde added a commit that referenced this pull request Apr 14, 2017
url: disallow invalid IPv4 in IPv6 parser
Fixes: #10655
PR-URL: #12315
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
@TimothyGu TimothyGu referenced this pull request Apr 19, 2017
4 of 4 tasks complete
@jasnell jasnell referenced this pull request May 11, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
6 participants
You can’t perform that action at this time.