From 4e446a90160685987329642ce08beebb06aca881 Mon Sep 17 00:00:00 2001
From: Yagiz Nizipli <yagiz@nizipli.com>
Date: Fri, 29 Apr 2022 12:54:38 -0400
Subject: [PATCH] url: should validate ipv4 part length

---
 src/node_url.cc                       | 5 ++++-
 test/parallel/test-whatwg-url-ipv4.js | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-whatwg-url-ipv4.js

diff --git a/src/node_url.cc b/src/node_url.cc
index b13c94f030fa59..dbb51ef5ec00af 100644
--- a/src/node_url.cc
+++ b/src/node_url.cc
@@ -411,8 +411,11 @@ void URLHost::ParseIPv4Host(const char* input, size_t length, bool* is_ipv4) {
     const char ch = pointer < end ? pointer[0] : kEOL;
     int64_t remaining = end - pointer - 1;
     if (ch == '.' || ch == kEOL) {
-      if (++parts > static_cast<int>(arraysize(numbers)))
+      // If parts’s size is greater than 4, validation error, return failure.
+      if (++parts > static_cast<int>(arraysize(numbers))) {
+        *is_ipv4 = true;
         return;
+      }
       if (pointer == mark)
         return;
       int64_t n = ParseNumber(mark, pointer);
diff --git a/test/parallel/test-whatwg-url-ipv4.js b/test/parallel/test-whatwg-url-ipv4.js
new file mode 100644
index 00000000000000..e7d4427bea8c06
--- /dev/null
+++ b/test/parallel/test-whatwg-url-ipv4.js
@@ -0,0 +1,8 @@
+'use strict';
+
+require('../common');
+
+const assert = require('assert');
+
+assert.throws(() => new URL('https://256.256.256.256'), { code: 'ERR_INVALID_URL' });
+assert.throws(() => new URL('https://256.256.256.256.256'), { code: 'ERR_INVALID_URL' });