Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

url: fix port overflow checking #15794

Closed
wants to merge 5 commits into from
Closed

url: fix port overflow checking #15794

wants to merge 5 commits into from

Conversation

rmisev
Copy link
Contributor

@rmisev rmisev commented Oct 6, 2017
edited
Loading

This patch adds (port > 0xffff) check after each digit in the loop and prevents integer overflow.

In the current implementation a result can be incorrect if an integer overflow occurs. For example:

const URL = require('url').URL;
const url = new URL("http://example.com:4294967377/");
console.log(url.port);
// actual: 81
// expected: failure (TypeError)

Refs: web-platform-tests/wpt#7602

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
Affected core subsystem(s)

url

@rmisev
url: fix port overflow checking
d871ee3 
This patch adds (port > 0xffff) check after each digit in the loop and
prevents integer overflow.
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. dont-land-on-v4.x whatwg-url Issues and PRs related to the WHATWG URL implementation. labels Oct 6, 2017
@mscdex
Copy link
Contributor

mscdex commented Oct 6, 2017

Maybe only bother checking if the buffer length is > 4? I think that will avoid having to check for most common ports.

@rmisev
Copy link
Contributor Author

rmisev commented Oct 6, 2017

@mscdex I think your proposal complicates code a bit, and a gain is minimal - only three comparisons less for 4-digit port :

    int port = 0;
    if (buffer.size() <= 4) {
      // port overflow will not occur
      for (size_t i = 0; i < buffer.size(); i++)
        port = port * 10 + buffer[i] - '0';
    } else {
      for (size_t i = 0; i < buffer.size(); i++) {
        port = port * 10 + buffer[i] - '0';
        // prevent integer overflow
        if (port > 0xffff) break;
      }
    }

What do you think?

@rmisev rmisev mentioned this pull request Oct 6, 2017
Merged
addaleax
addaleax approved these changes Oct 6, 2017
View reviewed changes
src/node_url.cc Outdated
@@ -1598,9 +1598,12 @@ void URL::Parse(const char* input,
special_back_slash) {
if (buffer.size() > 0) {
int port = 0;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it might even get a little clearer now if you make this unsigned

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, makes sense. Changed.

TimothyGu
TimothyGu approved these changes Oct 7, 2017
View reviewed changes
src/node_url.cc Outdated
port = port * 10 + buffer[i] - '0';
if (port < 0 || port > 0xffff) {
// prevent integer overflow
if (port > 0xffff) break;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: the port > 0xffff could be moved into the for-loop head

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Seems reasonable, moved.

@joyeecheung
Copy link
Member

CI: https://ci.nodejs.org/job/node-test-pull-request/10484/

@addaleax
Copy link
Member

addaleax commented Oct 8, 2017

There are CI failures like this:

not ok 1615 parallel/test-whatwg-url-parsing
  ---
  duration_ms: 0.213
  severity: fail
  stack: |-
    Mismatched <anonymous> function calls. Expected exactly 110, actual 113.
        at Object.exports.mustCall (/home/iojs/build/workspace/node-test-commit-linux/nodes/ubuntu1610-x64/test/common/index.js:485:10)
        at Object.expectsError (/home/iojs/build/workspace/node-test-commit-linux/nodes/ubuntu1610-x64/test/common/index.js:710:27)
        at Object.<anonymous> (/home/iojs/build/workspace/node-test-commit-linux/nodes/ubuntu1610-x64/test/parallel/test-whatwg-url-parsing.js:28:30)
        at Module._compile (module.js:600:30)
        at Object.Module._extensions..js (module.js:611:10)
        at Module.load (module.js:521:32)
        at tryModuleLoad (module.js:484:12)
        at Function.Module._load (module.js:476:3)
        at Function.Module.runMain (module.js:641:10)

I guess that’s just a mismatched test counter that needs to be updated or something like that?

joyeecheung
joyeecheung reviewed Oct 9, 2017
View reviewed changes
test/parallel/test-whatwg-url-parsing.js Outdated
@@ -26,7 +26,7 @@ const failureTests = tests.filter((test) => test.failure).concat([
]);

const expectedError = common.expectsError(
{ code: 'ERR_INVALID_URL', type: TypeError }, 110);
{ code: 'ERR_INVALID_URL', type: TypeError }, 113);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the counter here is just failureTests.length, there is no need to hard-code this

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agree, done.

@joyeecheung
Copy link
Member

CI: https://ci.nodejs.org/job/node-test-pull-request/10568/

@TimothyGu
Copy link
Member

Landed in 92146e0.

@TimothyGu TimothyGu closed this Oct 10, 2017
TimothyGu pushed a commit that referenced this pull request Oct 10, 2017
@rmisev @TimothyGu
url: fix port overflow checking
92146e0 
This patch adds (port > 0xffff) check after each digit in the loop and
prevents integer overflow.

PR-URL: #15794
Refs: web-platform-tests/wpt#7602
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>
Reviewed-By: Timothy Gu <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
addaleax pushed a commit to addaleax/ayo that referenced this pull request Oct 12, 2017
@rmisev @addaleax
url: fix port overflow checking
15c3540 
This patch adds (port > 0xffff) check after each digit in the loop and
prevents integer overflow.

PR-URL: nodejs/node#15794
Refs: web-platform-tests/wpt#7602
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>
Reviewed-By: Timothy Gu <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
targos pushed a commit that referenced this pull request Oct 18, 2017
@rmisev @targos
url: fix port overflow checking
f5e56aa 
This patch adds (port > 0xffff) check after each digit in the loop and
prevents integer overflow.

PR-URL: #15794
Refs: web-platform-tests/wpt#7602
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>
Reviewed-By: Timothy Gu <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joyeecheung joyeecheung joyeecheung approved these changes

@cjihrig cjihrig cjihrig approved these changes

@watilde watilde watilde approved these changes

@TimothyGu TimothyGu TimothyGu approved these changes

@addaleax addaleax addaleax approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. whatwg-url Issues and PRs related to the WHATWG URL implementation.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@rmisev @mscdex @joyeecheung @addaleax @TimothyGu @watilde @cjihrig @nodejs-github-bot