fix(parse-http): prevent announcement from peers with invalid ports#513
Conversation
|
🙌 Thanks for opening this pull request! You're awesome. |
|
wtf, how can this ever occur on an actual network stack? |
|
It is not possible in an actual TCP or UDP connection, any port lower than 1 and higher than 65535 is invalid. In the UDP tracker, this is handled as the port is a read as a In the HTTP tracker, this port is cast as a These values then crash the server elsewhere as there are assumptions that only valid port ranges would added to the swarm. |
SilentBot1
force-pushed
the
issue/512-invalid-ports
branch
from
f11b7f0 to
20d777a
Compare
SilentBot1
changed the title
|
idk, I don't think I'll ever have time to review this, as there's too many things to understand and consider, such as: |
Due to the port in this case coming from |
|
🎉 Congrats on getting your first pull request landed! |
## [11.0.2](v11.0.1...v11.0.2) (2024-03-12) ### Bug Fixes * **parse-http:** ignore announcements from peers with invalid announcement ports. ([#513](#513)) ([fe75272](fe75272))
|
🎉 This PR is included in version 11.0.2 🎉 The release is available on: Your semantic-release bot 📦🚀 |
3 participants
What is the purpose of this pull request? (put an "X" next to item)
[ ] Documentation update
[x] Bug fix
[ ] New feature
[ ] Other, please explain:
What changes did you make? (Give an overview)
This change implements a small check within
parse-http.jsto prevent peers with invalid announcement ports from having their announcements accepted or added to the swarm. Valid ports within this implementation are considered any port within the range of 1 - 65535.Note: Port 0 is excluded as it is invalid for communication between hosts and is only used for local dynamic port binding.
Which issue (if any) does this pull request address?
#512
Is there anything you'd like reviewers to focus on?