From 8c5be2dd97f36cf93d28e63c2d9cbdba52a4fc2d Mon Sep 17 00:00:00 2001 From: Kyle Havlovitz Date: Fri, 19 Jan 2018 13:48:31 -0800 Subject: [PATCH] Enforce a valid port for the Serf WAN since it can't be disabled. Fixes #3817 --- agent/config/builder.go | 3 +++ agent/config/runtime_test.go | 17 +++++++++++++++++ 2 files changed, 20 insertions(+) diff --git a/agent/config/builder.go b/agent/config/builder.go index e5f3793f9312..834c06a477fc 100644 --- a/agent/config/builder.go +++ b/agent/config/builder.go @@ -369,6 +369,9 @@ func (b *Builder) Build() (rt RuntimeConfig, err error) { if ipaddr.IsAny(b.stringVal(c.AdvertiseAddrWAN)) { return RuntimeConfig{}, fmt.Errorf("Advertise WAN address cannot be 0.0.0.0, :: or [::]") } + if serfPortWAN < 0 { + return RuntimeConfig{}, fmt.Errorf("ports.serf_wan must be a valid port from 1 to 65535") + } bindAddr := bindAddrs[0].(*net.IPAddr) advertiseAddr := b.makeIPAddr(b.expandFirstIP("advertise_addr", c.AdvertiseAddrLAN), bindAddr) diff --git a/agent/config/runtime_test.go b/agent/config/runtime_test.go index f572f9864615..8e6a32ababe6 100644 --- a/agent/config/runtime_test.go +++ b/agent/config/runtime_test.go @@ -1064,6 +1064,23 @@ func TestConfigFlagsAndEdgecases(t *testing.T) { rt.DataDir = dataDir }, }, + { + desc: "serf wan port > 0", + args: []string{`-data-dir=` + dataDir}, + json: []string{`{ + "ports": { + "serf_wan": -1 + }, + "advertise_addr_wan": "1.2.3.4" + }`}, + hcl: []string{` + ports { + serf_wan = -1 + } + advertise_addr_wan = "1.2.3.4" + `}, + err: "ports.serf_wan must be a valid port from 1 to 65535", + }, { desc: "serf bind address lan template", args: []string{`-data-dir=` + dataDir},