fix(cli): improve ipv4 validation

gvzhang · Feb 3, 2017 · 1cbf4d9 · 1cbf4d9
1 parent d030627
commit 1cbf4d9
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 10 deletions.
diff --git a/kong/conf_loader.lua b/kong/conf_loader.lua
@@ -10,8 +10,6 @@ local tablex = require "pl.tablex"
 local utils = require "kong.tools.utils"
 local log = require "kong.cmd.utils.log"
 
-local ipv4_port_pattern = "^(%d+)%.(%d+)%.(%d+)%.(%d+):(%d+)$"
-
 local DEFAULT_PATHS = {
   "/etc/kong/kong.conf",
   "/etc/kong.conf"
@@ -218,13 +216,16 @@ local function check_and_infer(conf)
     end
   end
 
-  if not conf.cluster_listen:match(ipv4_port_pattern) then
+  local ip, port = utils.normalize_ipv4(conf.cluster_listen)
+  if not (ip and port) then
     errors[#errors+1] = "cluster_listen must be in the form of IPv4:port"
   end
-  if not conf.cluster_listen_rpc:match(ipv4_port_pattern) then
+  ip, port = utils.normalize_ipv4(conf.cluster_listen_rpc)
+  if not (ip and port) then
     errors[#errors+1] = "cluster_listen_rpc must be in the form of IPv4:port"
   end
-  if conf.cluster_advertise and not conf.cluster_advertise:match(ipv4_port_pattern) then
+  ip, port = utils.normalize_ipv4(conf.cluster_advertise or "")
+  if conf.cluster_advertise and not (ip and port) then
     errors[#errors+1] = "cluster_advertise must be in the form of IPv4:port"
   end
   if conf.cluster_ttl_on_failure < 60 then

diff --git a/kong/tools/utils.lua b/kong/tools/utils.lua
@@ -438,7 +438,12 @@ _M.normalize_ipv4 = function(address)
   if (a<0) or (a>255) or (b<0) or (b>255) or (c<0) or (c>255) or (d<0) or (d>255) then
     return nil, "invalid ipv4 address: "..address
   end
-  if port then port = tonumber(port) end
+  if port then 
+    port = tonumber(port) 
+    if port > 65535 then
+      return nil, "invalid port number"
+    end
+  end
 
   return fmt("%d.%d.%d.%d",a,b,c,d), port
 end
@@ -457,6 +462,10 @@ _M.normalize_ipv6 = function(address)
       if not port then
         return nil, "invalid ipv6 address"
       end
+      port = tonumber(port)
+      if port > 65535 then
+        return nil, "invalid port number"
+      end
     end
   else
     -- no brackets, so full address only; no brackets, no port
@@ -478,9 +487,6 @@ _M.normalize_ipv6 = function(address)
     return nil, "invalid ipv6 address: "..address
   end
   local zeros = "0000"
-  if port then
-    port = tonumber(port)
-  end
   return lower(fmt("%s:%s:%s:%s:%s:%s:%s:%s",
       zeros:sub(1, 4 - #a)..a,
       zeros:sub(1, 4 - #b)..b,
@@ -501,6 +507,9 @@ _M.check_hostname = function(address)
   if port then
     name = name:sub(1, -(#port+2))
     port = tonumber(port)
+    if port > 65535 then
+      return nil, "invalid port number"
+    end
   end
   local match = name:match("^[%d%a%-%.%_]+$")
   if match == nil then

diff --git a/spec/01-unit/04-utils_spec.lua b/spec/01-unit/04-utils_spec.lua
@@ -338,11 +338,13 @@ describe("Utils", function()
       it("checks valid IPv4 address types", function()
         assert.are.same("ipv4", utils.hostname_type("123.123.123.123"))
         assert.are.same("ipv4", utils.hostname_type("1.2.3.4"))
+        assert.are.same("ipv4", utils.hostname_type("1.2.3.4:80"))
       end)
       it("checks valid IPv6 address types", function()
         assert.are.same("ipv6", utils.hostname_type("::1"))
         assert.are.same("ipv6", utils.hostname_type("2345::6789"))
         assert.are.same("ipv6", utils.hostname_type("0001:0001:0001:0001:0001:0001:0001:0001"))
+        assert.are.same("ipv6", utils.hostname_type("[2345::6789]:80"))
       end)
     end)
     describe("parsing", function()
@@ -359,6 +361,7 @@ describe("Utils", function()
         assert.is_nil(utils.normalize_ipv4("123.123.123.123.123:80"))
         assert.is_nil(utils.normalize_ipv4("localhost:80"))
         assert.is_nil(utils.normalize_ipv4("[::1]:80"))
+        assert.is_nil(utils.normalize_ipv4("123.123.123.123:99999"))
       end)
       it("normalizes IPv6 address types", function()
         assert.are.same({"0000:0000:0000:0000:0000:0000:0000:0001"}, {utils.normalize_ipv6("::1")})
@@ -373,6 +376,7 @@ describe("Utils", function()
         assert.is_nil(utils.normalize_ipv6("[::x]:80"))
         assert.is_nil(utils.normalize_ipv6("[::1]:80a"))
         assert.is_nil(utils.normalize_ipv6("1"))
+        assert.is_nil(utils.normalize_ipv6("[::1]:99999"))
       end)
       it("validates hostnames", function()
         local valids = {"hello.com", "hello.fr", "test.hello.com", "1991.io", "hello.COM",
@@ -387,7 +391,8 @@ describe("Utils", function()
         local invalids = {"/mockbin", ".mockbin", "mockbin.", "mock;bin",
                           "mockbin.com/org",
                           "mockbin-.org", "mockbin.org-",
-                          "hello..mockbin.com", "hello-.mockbin.com"}
+                          "hello..mockbin.com", "hello-.mockbin.com",
+                         }
         for _, name in ipairs(valids) do
           assert.are.same(name, (utils.check_hostname(name)))
         end
@@ -396,6 +401,7 @@ describe("Utils", function()
         end
         for _, name in ipairs(valids) do
           assert.is_nil((utils.check_hostname(name..":xx")))
+          assert.is_nil((utils.check_hostname(name..":99999")))
         end
         for _, name in ipairs(invalids) do
           assert.is_nil((utils.check_hostname(name)))