From a3a54bc747abe8ca4cd7b0bdbb3e5276a062e914 Mon Sep 17 00:00:00 2001
From: seb <sebastian.messier@gmail.com>
Date: Tue, 20 Aug 2024 14:25:41 -0700
Subject: fix(ext/net): validate port in Deno.{connect,serve,listen}  (#24399)

Co-authored-by: Will Leach <4619280+melbourne2991@users.noreply.github.com>
Co-authored-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: David Sherret <dsherret@gmail.com>
---
 ext/net/01_net.js | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)

(limited to 'ext/net/01_net.js')

diff --git a/ext/net/01_net.js b/ext/net/01_net.js
index 536f79bbf..a41a27543 100644
--- a/ext/net/01_net.js
+++ b/ext/net/01_net.js
@@ -33,9 +33,12 @@ const UDP_DGRAM_MAXSIZE = 65507;
 const {
   Error,
   Number,
+  NumberIsNaN,
+  NumberIsInteger,
   ObjectPrototypeIsPrototypeOf,
   ObjectDefineProperty,
   PromiseResolve,
+  RangeError,
   SafeSet,
   SetPrototypeAdd,
   SetPrototypeDelete,
@@ -531,10 +534,11 @@ const listenOptionApiName = Symbol("listenOptionApiName");
 function listen(args) {
   switch (args.transport ?? "tcp") {
     case "tcp": {
+      const port = validatePort(args.port);
       const { 0: rid, 1: addr } = op_net_listen_tcp(
         {
           hostname: args.hostname ?? "0.0.0.0",
-          port: Number(args.port),
+          port,
         },
         args.reusePort,
         args.loadBalanced ?? false,
@@ -558,14 +562,33 @@ function listen(args) {
   }
 }
 
+function validatePort(maybePort) {
+  if (typeof maybePort !== "number" && typeof maybePort !== "string") {
+    throw new TypeError(`Invalid port (expected number): ${maybePort}`);
+  }
+  if (maybePort === "") throw new TypeError("Invalid port: ''");
+  const port = Number(maybePort);
+  if (!NumberIsInteger(port)) {
+    if (NumberIsNaN(port) && !NumberIsNaN(maybePort)) {
+      throw new TypeError(`Invalid port: '${maybePort}'`);
+    } else {
+      throw new TypeError(`Invalid port: ${maybePort}`);
+    }
+  } else if (port < 0 || port > 65535) {
+    throw new RangeError(`Invalid port (out of range): ${maybePort}`);
+  }
+  return port;
+}
+
 function createListenDatagram(udpOpFn, unixOpFn) {
   return function listenDatagram(args) {
     switch (args.transport) {
       case "udp": {
+        const port = validatePort(args.port);
         const { 0: rid, 1: addr } = udpOpFn(
           {
             hostname: args.hostname ?? "127.0.0.1",
-            port: args.port,
+            port,
           },
           args.reuseAddress ?? false,
           args.loopback ?? false,
@@ -590,10 +613,11 @@ function createListenDatagram(udpOpFn, unixOpFn) {
 async function connect(args) {
   switch (args.transport ?? "tcp") {
     case "tcp": {
+      const port = validatePort(args.port);
       const { 0: rid, 1: localAddr, 2: remoteAddr } = await op_net_connect_tcp(
         {
           hostname: args.hostname ?? "127.0.0.1",
-          port: args.port,
+          port,
         },
       );
       localAddr.transport = "tcp";
@@ -626,4 +650,5 @@ export {
   shutdown,
   TcpConn,
   UnixConn,
+  validatePort,
 };
-- 
cgit v1.2.3