fix: invalid ip address and daemon can be crashed by remote user

Per the nodeJS documentation, a Net socket.remoteAddress value may be undefined if the socket is destroyed, as by a client disconnect. A multiaddr cannot be created for an invalid IP address (such as the undefined remote address of a destroyed socket). Currently the attempt results in a crash that can be triggered remotely. This commit catches the exception in get-multiaddr and returns an undefined value to listener rather than throwing an exception when trying to process defective or destroyed socket data. Listener then terminates processing of the incoming p2p connections that generate this error condition. fixes: https://github.com/libp2p/js-libp2p-tcp/issues/93 fixes: https://github.com/ipfs/js-ipfs/issues/1447
2025-06-12 21:11:30 +00:00 · 2018-07-23 03:48:26 +00:00
parent 6c36a46831
commit 4b04b17dfa
3 changed files with 82 additions and 14 deletions
--- a/src/get-multiaddr.js
+++ b/src/get-multiaddr.js
@ -2,27 +2,32 @@

 const multiaddr = require('multiaddr')
 const Address6 = require('ip-address').Address6
+const debug = require('debug')
+const log = debug('libp2p:tcp:get-multiaddr')

 module.exports = (socket) => {
  let ma

-  if (socket.remoteFamily === 'IPv6') {
-    const addr = new Address6(socket.remoteAddress)
+  try {
+    if (socket.remoteFamily === 'IPv6') {
+      const addr = new Address6(socket.remoteAddress)

-    if (addr.v4) {
-      const ip4 = addr.to4().correctForm()
-      ma = multiaddr('/ip4/' + ip4 +
-        '/tcp/' + socket.remotePort
-      )
+      if (addr.v4) {
+        const ip4 = addr.to4().correctForm()
+        ma = multiaddr('/ip4/' + ip4 +
+          '/tcp/' + socket.remotePort
+        )
+      } else {
+        ma = multiaddr('/ip6/' + socket.remoteAddress +
+          '/tcp/' + socket.remotePort
+        )
+      }
    } else {
-      ma = multiaddr('/ip6/' + socket.remoteAddress +
-        '/tcp/' + socket.remotePort
-      )
+      ma = multiaddr('/ip4/' + socket.remoteAddress +
+        '/tcp/' + socket.remotePort)
    }
-  } else {
-    ma = multiaddr('/ip4/' + socket.remoteAddress +
-      '/tcp/' + socket.remotePort)
+  } catch (err) {
+    log(err)
  }
-
  return ma
 }
--- a/src/listener.js
+++ b/src/listener.js
@ -25,6 +25,15 @@ module.exports = (handler) => {
    socket.on('error', noop)

    const addr = getMultiaddr(socket)
+    if (!addr) {
+      if (socket.remoteAddress === undefined) {
+        log('connection closed before p2p connection made')
+      } else {
+        log('error interpreting incoming p2p connection')
+      }
+      return
+    }
+
    log('new connection', addr.toString())

    const s = toPull.duplex(socket)