net: stricter checking for internal/net isLegalPort #5733
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jasnell
added
net
|
semver-major because this causes previously acceptable (but quite odd) input values to be rejected. |
| @@ -5,7 +5,9 @@ module.exports = { isLegalPort }; | |||
| // Check that the port number is not NaN when coerced to a number, | |||
| // is an integer and that it falls within the legal range of port numbers. | |||
| function isLegalPort(port) { | |||
| if (typeof port === 'string' && port.trim() === '') | |||
| if (port === null) return true; | |||
There was a problem hiding this comment.
should this be loose equal to catch undefined early too?
EDIT: Scratch that, for some reason I thought you were returning false. Disregard
There was a problem hiding this comment.
Why is null an accepted value?
There was a problem hiding this comment.
wasn't sure if null should be rejected or treated as equivalent to 0. I'm happy rejecting nulls also.
There was a problem hiding this comment.
I think if we're monkeying with this function, we should get it to a point where it ONLY accepts valid ports (numbers and numeric strings). Then, if null or undefined is a valid value for a given calling context, that context can be responsible for allowing those values.
4 tasks
|
@nodejs/ctc |
jasnell
force-pushed
the
better-islegalport
branch
from
5aefc48
to
45fed90
Compare
|
@cjihrig ... PTAL! |
|
LGTM. Here are some other values you might want to test, taken from https://github.com/nodejs/node/blob/master/test/parallel/test-net-create-connection.js. Failures: |
|
@cjihrig ... done! also included the other new radix modes, e.g. |
| return false; | ||
| return +port === (port >>> 0) && port >= 0 && port <= 0xFFFF; | ||
| return +port === (+port >>> 0) && port <= 0xFFFF; |
There was a problem hiding this comment.
Is + in >>> expression necessary? Internally it will be converted to number, right?
Add stricter testing for the isLegalPort method in internal/net. This ensures that odd inputs such as isLegalPort(true) and isLegalPort([1]) aren't acceptable as valid port inputs.
jasnell
force-pushed
the
better-islegalport
branch
from
56970fb
to
551e3d2
Compare
|
CI is green |
|
LGTM. |
jasnell
added a commit
that referenced
this pull request
Mar 21, 2016
Add stricter testing for the isLegalPort method in internal/net. This ensures that odd inputs such as isLegalPort(true) and isLegalPort([1]) aren't acceptable as valid port inputs. PR-URL: #5733 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
|
Landed in d0edabe |
Closed
jasnell
added a commit
that referenced
this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell
added a commit
that referenced
this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell
added a commit
that referenced
this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell
added a commit
that referenced
this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
jasnell
added a commit
that referenced
this pull request
Apr 26, 2016
The following significant (semver-major) changes have been made since the
previous Node v5.0.0 release.
* Buffer
* New Buffer constructors have been added
[#4682](#4682)
* Previously deprecated Buffer APIs are removed
[#5048](#5048),
[#4594](#4594)
* Improved error handling [#4514](#4514)
* Cluster
* Worker emitted as first argument in 'message' event
[#5361](#5361).
* Crypto
* Improved error handling [#3100](#3100),
[#5611](#5611)
* Simplified Certificate class bindings
[#5382](#5382)
* Improved control over FIPS mode
[#5181](#5181)
* pbkdf2 digest overloading is deprecated
[#4047](#4047)
* Dependencies
* Reintroduce shared c-ares build support
[#5775](#5775).
* V8 updated to 5.0.71.31 [#6111](#6111).
* DNS
* Add resolvePtr API to query plain DNS PTR records
[#4921](#4921).
* Domains
* Clear stack when no error handler
[#4659](#4659).
* File System
* The `fs.realpath()` and `fs.realpathSync()` methods have been updated
to use a more efficient libuv implementation. This change includes the
removal of the `cache` argument and the method can throw new errors
[#3594](#3594)
* FS apis can now accept and return paths as Buffers
[#5616](#5616).
* Error handling and type checking improvements
[#5616](#5616),
[#5590](#5590),
[#4518](#4518),
[#3917](#3917).
* fs.read's string interface is deprecated
[#4525](#4525)
* HTTP
* 'clientError' can now be used to return custom errors from an
HTTP server [#4557](#4557).
* Modules
* Current directory is now prioritized for local lookups
[#5689](#5689)
* Symbolic links are preserved when requiring modules
[#5950](#5950)
* Net
* DNS hints no longer implicitly set
[#6021](#6021).
* Improved error handling and type checking
[#5981](#5981),
[#5733](#5733),
[#2904](#2904)
* OS X
* MACOSX_DEPLOYMENT_TARGET has been bumped up to 10.7
[#6402](#6402).
* Path
* Improved type checking [#5348](#5348).
* Process
* Introduce process warnings API
[#4782](#4782).
* Throw exception when non-function passed to nextTick
[#3860](#3860).
* Readline
* Emit key info unconditionally
[#6024](#6024)
* REPL
* Assignment to `_` will emit a warning.
[#5535](#5535)
* Timers
* Fail early when callback is not a function
[#4362](#4362)
* TLS
* Rename 'clientError' to 'tlsClientError'
[#4557](#4557)
* SHA1 used for sessionIdContext
[#3866](#3866)
* TTY
* Previously deprecated setRawMode wrapper is removed
[#2528](#2528).
* Util
* Changes to Error object formatting
[#4582](#4582).
* Windows
* Windows XP and Vista are no longer supported
[#5167](#5167),
[#5167](#5167).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Pull Request check-list
make -j8 test(UNIX) orvcbuild test nosign(Windows) pass withthis change (including linting)?
test (or a benchmark) included?
existing APIs, or introduces new ones)?
Affected core subsystem(s)
net
Description of change
Please provide a description of the change here.
Add stricter testing for the isLegalPort method in internal/net.
This ensures that odd inputs such as isLegalPort(true) and
isLegalPort([1]) aren't acceptable as valid port inputs.
Refs: #5732