From 87d0d7a069b2a3ca1db1dd592a62db4645ba5d69 Mon Sep 17 00:00:00 2001 From: Yagiz Nizipli Date: Fri, 29 Apr 2022 12:54:38 -0400 Subject: [PATCH] url: validate ipv4 part length PR-URL: https://github.com/nodejs/node/pull/42915 Fixes: https://github.com/nodejs/node/issues/42914 Reviewed-By: Stephen Belanger Reviewed-By: Antoine du Hamel --- src/node_url.cc | 5 ++++- .../fixtures/wpt/url/resources/urltestdata.json | 17 ++++++----------- 2 files changed, 10 insertions(+), 12 deletions(-) diff --git a/src/node_url.cc b/src/node_url.cc index b13c94f030fa59..dbb51ef5ec00af 100644 --- a/src/node_url.cc +++ b/src/node_url.cc @@ -411,8 +411,11 @@ void URLHost::ParseIPv4Host(const char* input, size_t length, bool* is_ipv4) { const char ch = pointer < end ? pointer[0] : kEOL; int64_t remaining = end - pointer - 1; if (ch == '.' || ch == kEOL) { - if (++parts > static_cast(arraysize(numbers))) + // If parts’s size is greater than 4, validation error, return failure. + if (++parts > static_cast(arraysize(numbers))) { + *is_ipv4 = true; return; + } if (pointer == mark) return; int64_t n = ParseNumber(mark, pointer); diff --git a/test/fixtures/wpt/url/resources/urltestdata.json b/test/fixtures/wpt/url/resources/urltestdata.json index a56b30caf98cb1..dc33048964a2f5 100644 --- a/test/fixtures/wpt/url/resources/urltestdata.json +++ b/test/fixtures/wpt/url/resources/urltestdata.json @@ -5317,17 +5317,12 @@ { "input": "http://256.256.256.256.256", "base": "http://other.com/", - "href": "http://256.256.256.256.256/", - "origin": "http://256.256.256.256.256", - "protocol": "http:", - "username": "", - "password": "", - "host": "256.256.256.256.256", - "hostname": "256.256.256.256.256", - "port": "", - "pathname": "/", - "search": "", - "hash": "" + "failure": true + }, + { + "input": "http://256.256.256.256.256.", + "base": "http://other.com/", + "failure": true }, { "input": "https://0x.0x.0",