From d0edabecbf072dded07f85897691b0ff1b0bb99b Mon Sep 17 00:00:00 2001 From: James M Snell Date: Tue, 15 Mar 2016 20:46:53 -0700 Subject: [PATCH] net: strict checking for internal/net isLegalPort Add stricter testing for the isLegalPort method in internal/net. This ensures that odd inputs such as isLegalPort(true) and isLegalPort([1]) aren't acceptable as valid port inputs. PR-URL: https://github.com/nodejs/node/pull/5733 Reviewed-By: Colin Ihrig Reviewed-By: Sakthipriyan Vairamani --- lib/internal/net.js | 5 +++-- test/parallel/test-net-internal.js | 23 ++++++++++++++--------- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/lib/internal/net.js b/lib/internal/net.js index effc6485d2..30bd50ce93 100644 --- a/lib/internal/net.js +++ b/lib/internal/net.js @@ -5,7 +5,8 @@ module.exports = { isLegalPort }; // Check that the port number is not NaN when coerced to a number, // is an integer and that it falls within the legal range of port numbers. function isLegalPort(port) { - if (typeof port === 'string' && port.trim() === '') + if ((typeof port !== 'number' && typeof port !== 'string') || + (typeof port === 'string' && port.trim().length === 0)) return false; - return +port === (port >>> 0) && port >= 0 && port <= 0xFFFF; + return +port === (+port >>> 0) && port <= 0xFFFF; } diff --git a/test/parallel/test-net-internal.js b/test/parallel/test-net-internal.js index b59b92d0fb..0c8d1cf9e1 100644 --- a/test/parallel/test-net-internal.js +++ b/test/parallel/test-net-internal.js @@ -4,12 +4,17 @@ require('../common'); const assert = require('assert'); -const net = require('internal/net'); - -assert.strictEqual(net.isLegalPort(''), false); -assert.strictEqual(net.isLegalPort('0'), true); -assert.strictEqual(net.isLegalPort(0), true); -assert.strictEqual(net.isLegalPort(65536), false); -assert.strictEqual(net.isLegalPort('65535'), true); -assert.strictEqual(net.isLegalPort(undefined), false); -assert.strictEqual(net.isLegalPort(null), true); +const isLegalPort = require('internal/net').isLegalPort; + +for (var n = 0; n <= 0xFFFF; n++) { + assert(isLegalPort(n)); + assert(isLegalPort('' + n)); + assert(`0x${n.toString(16)}`); + assert(`0o${n.toString(8)}`); + assert(`0b${n.toString(2)}`); +} + +const bad = [-1, 'a', {}, [], false, true, 0xFFFF + 1, Infinity, + -Infinity, NaN, undefined, null, '', ' ', 1.1, '0x', + '-0x1', '-0o1', '-0b1', '0o', '0b']; +bad.forEach((i) => assert(!isLegalPort(i)));