archive/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-08-15 13:48:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Revert "url: improve port validation"

Browse source 
This reverts commit 5f7730e2f2.

This change broke too many edge cases in the ecosystem. Reverting it
re-introduces some host-spoofing possibilities, so we won't want to
revert forever, but the issue is long-lived enough and not sufficiently
critical that we can't wait for a major release to introduce it as a
breaking change. After this lands, I plan to re-introduce this as a
change that throws a warning rather than an error, after which we can
land a semver-major that re-introduces the error and try to get the word
out to maintainers of likely-affected packages.

Closes: https://github.com/nodejs/node/issues/45514
Refs: https://github.com/nodejs/node/pull/45012
PR-URL: https://github.com/nodejs/node/pull/45517
Fixes: https://github.com/nodejs/node/issues/45514
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
This commit is contained in:
Rich Trott 2022-11-19 10:34:59 -08:00 committed by GitHub
parent 0220aeb855
commit bd965aaf36
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 18 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/url.js
View file

@ -387,7 +387,7 @@ Url.prototype.parse = function parse(url, parseQueryString, slashesDenoteHost) {
// validate a little.
if (!ipv6Hostname) {
rest = getHostname(this, rest, hostname, url);
rest = getHostname(this, rest, hostname);
}
if (this.hostname.length > hostnameMaxLen) {
@ -506,7 +506,7 @@ Url.prototype.parse = function parse(url, parseQueryString, slashesDenoteHost) {
return this;
};
function getHostname(self, rest, hostname, url) {
function getHostname(self, rest, hostname) {
for (let i = 0; i < hostname.length; ++i) {
const code = hostname.charCodeAt(i);
const isValid = (code !== CHAR_FORWARD_SLASH &&
@ -516,10 +516,6 @@ function getHostname(self, rest, hostname, url) {
code !== CHAR_COLON);
if (!isValid) {
// If leftover starts with :, then it represents an invalid port.
if (hostname.charCodeAt(i) === 58) {
throw new ERR_INVALID_URL(url);
}
self.hostname = hostname.slice(0, i);
return `/${hostname.slice(i)}${rest}`;
}