net: validate host name for server listen

jazelly · lpinca · web-flow · commit 52322aa42a43 · 2024-08-25T12:36:40.000Z
Fixes: #54441 Co-authored-by: Luigi Pinca <luigipinca@gmail.com> PR-URL: #54470 Reviewed-By: Paolo Insogna <paolo@cowtech.it> Reviewed-By: Matteo Collina <matteo.collina@gmail.com> Reviewed-By: Jake Yuesong Li <jake.yuesong@gmail.com>
diff --git a/lib/net.js b/lib/net.js
@@ -35,6 +35,8 @@ const {
   NumberParseInt,
   ObjectDefineProperty,
   ObjectSetPrototypeOf,
+  RegExp,
+  RegExpPrototypeExec,
   Symbol,
   SymbolAsyncDispose,
   SymbolDispose,
@@ -143,6 +145,8 @@ const { kTimeout } = require('internal/timers');
 const DEFAULT_IPV4_ADDR = '0.0.0.0';
 const DEFAULT_IPV6_ADDR = '::';
 
+const HOST_REGEXP = new RegExp('^[a-zA-Z0-9-:%.]+$');
+
 const noop = () => {};
 
 const kPerfHooksNetConnectContext = Symbol('kPerfHooksNetConnectContext');
@@ -2020,6 +2024,10 @@ Server.prototype.listen = function(...args) {
     toNumber(args.length > 2 && args[2]);  // (port, host, backlog)
 
   options = options._handle || options.handle || options;
+  if (typeof options.host === 'string' && RegExpPrototypeExec(HOST_REGEXP, options.host) === null) {
+    throw new ERR_INVALID_ARG_VALUE('host', options.host);
+  }
+
   const flags = getFlags(options.ipv6Only);
   //  Refresh the id to make the previous call invalid
   this._listeningId++;
diff --git a/test/parallel/test-net-server-listen-options.js b/test/parallel/test-net-server-listen-options.js
@@ -15,6 +15,10 @@ function close() { this.close(); }
   // Test listen({port})
   net.createServer().listen({ port: 0 })
     .on('listening', common.mustCall(close));
+  // Test listen(host, port}) on ipv4
+  net.createServer().listen({ host: '127.0.0.1', port: '3000' }).on('listening', common.mustCall(close));
+  // Test listen(host, port}) on ipv6
+  net.createServer().listen({ host: '::', port: '3001' }).on('listening', common.mustCall(close));
 }
 
 // Test listen(port, cb) and listen({ port }, cb) combinations
@@ -66,6 +70,13 @@ const listenOnPort = [
                       name: 'TypeError',
                       message: /^The argument 'options' must have the property "port" or "path"\. Received .+$/,
                     });
+    } else if (typeof options.host === 'string' && !options.host.match(/^[a-zA-Z0-9-:%.]+$/)) {
+      assert.throws(fn,
+                    {
+                      code: 'ERR_INVALID_ARG_VALUE',
+                      name: 'TypeError',
+                      message: /^The argument 'host' is invalid\. Received .+$/,
+                    });
     } else {
       assert.throws(fn,
                     {
@@ -91,4 +102,5 @@ const listenOnPort = [
   shouldFailToListen({ host: 'localhost:3000' });
   shouldFailToListen({ host: { port: 3000 } });
   shouldFailToListen({ exclusive: true });
+  shouldFailToListen({ host: '[::]', port: 3000 });
 }
