fix: Proxy and NodeConnection rejects connections to wildcard `0.…

…0.0.0` and `::` addresses #369
MatrixAI · Apr 6, 2022 · 105331d · 105331d
1 parent 437be7f
commit 105331d
Show file tree

Hide file tree

Showing 5 changed files with 40 additions and 0 deletions.
diff --git a/src/network/Proxy.ts b/src/network/Proxy.ts
@@ -434,6 +434,13 @@ class Proxy {
  timer,
  );
  } catch (e) {
+ if (e instanceof networkErrors.ErrorProxyConnectInvalidUrl) {
+ if (!clientSocket.destroyed) {
+ await clientSocketEnd('HTTP/1.1 400 Bad Request\r\n' + '\r\n');
+ clientSocket.destroy(e);
+ }
+ return;
+ }
  if (e instanceof networkErrors.ErrorConnectionStartTimeout) {
  if (!clientSocket.destroyed) {
  await clientSocketEnd('HTTP/1.1 504 Gateway Timeout\r\n' + '\r\n');
@@ -519,6 +526,9 @@ class Proxy {
  proxyPort: Port,
  timer?: Timer,
  ): Promise<ConnectionForward> {
+ if (networkUtils.isHostWildcard(proxyHost)) {
+ throw new networkErrors.ErrorProxyConnectInvalidUrl();
+ }
  const proxyAddress = networkUtils.buildAddress(proxyHost, proxyPort);
  let conn: ConnectionForward | undefined;
  conn = this.connectionsForward.proxy.get(proxyAddress);
@@ -681,6 +691,9 @@ class Proxy {
  proxyPort: Port,
  timer?: Timer,
  ): Promise<ConnectionReverse> {
+ if (networkUtils.isHostWildcard(proxyHost)) {
+ throw new networkErrors.ErrorProxyConnectInvalidUrl();
+ }
  const proxyAddress = networkUtils.buildAddress(proxyHost, proxyPort);
  let conn = this.connectionsReverse.proxy.get(proxyAddress);
  if (conn != null) {

diff --git a/src/network/utils.ts b/src/network/utils.ts
@@ -29,6 +29,13 @@ function isHost(host: any): host is Host {
  return isIPv4 || isIPv6;
 }
 
+function isHostWildcard(host: Host): boolean {
+ const [isIPv4] = Validator.isValidIPv4String(host);
+ if (isIPv4 && host === '0.0.0.0') return true;
+ const [isIPv6] = Validator.isValidIPv6String(host);
+ return isIPv6 && host === '::';
+}
+
 /**
  * Validates hostname as per RFC 1123
  */
@@ -353,6 +360,7 @@ export {
  pingBuffer,
  pongBuffer,
  isHost,
+ isHostWildcard,
  isHostname,
  isPort,
  toAuthToken,

diff --git a/src/nodes/NodeConnection.ts b/src/nodes/NodeConnection.ts
@@ -59,6 +59,10 @@ class NodeConnection<T extends GRPCClient> {
  logger?: Logger;
  }): Promise<NodeConnection<T>> {
  logger.info(`Creating ${this.name}`);
+ // Checking if attempting to connect to a wildcard IP
+ if (networkUtils.isHostWildcard(targetHost)) {
+ throw new nodesErrors.ErrorNodeConnectionHostWildcard();
+ }
  const proxyConfig = {
  host: proxy.getForwardHost(),
  port: proxy.getForwardPort(),

diff --git a/src/nodes/errors.ts b/src/nodes/errors.ts
@@ -62,6 +62,11 @@ class ErrorNodeConnectionManagerNotRunning extends ErrorNodes {
  exitCode = sysexits.USAGE;
 }
 
+class ErrorNodeConnectionHostWildcard extends ErrorNodes {
+ description = 'An IP wildcard was provided for the target host';
+ exitCode = sysexits.USAGE;
+}
+
 export {
  ErrorNodes,
  ErrorNodeGraphRunning,
@@ -76,4 +81,5 @@ export {
  ErrorNodeConnectionInfoNotExist,
  ErrorNodeConnectionPublicKeyNotFound,
  ErrorNodeConnectionManagerNotRunning,
+ ErrorNodeConnectionHostWildcard,
 };
diff --git a/tests/network/Proxy.test.ts b/tests/network/Proxy.test.ts
@@ -208,6 +208,15 @@ describe(Proxy.name, () => {
  `127.0.0.1:80?nodeId=${encodeURIComponent(nodeIdSomeEncoded)}`,
  ),
  ).rejects.toThrow('407');
+ // Wildcard as host
+ await expect(() =>
+ httpConnect(
+ proxy.getForwardHost(),
+ proxy.getForwardPort(),
+ authToken,
+ `0.0.0.0:80?nodeId=${encodeURIComponent(nodeIdSomeEncoded)}`,
+ ),
+ ).rejects.toThrow('400');
  // No node id
  await expect(() =>
  httpConnect(