author | Tobias Nießen <tniessen@tnie.de> | 2022-09-25 15:34:05 +0300 |
---|---|---|
committer | Beth Griggs <bethanyngriggs@gmail.com> | 2022-11-02 01:56:04 +0300 |
commit | 9ffddd7098751cf888c611edac654607d7548c6d | |
tree | d3ecb564be1159f479ddaab392b912d70adecc15 /vcbuild.bat | |
parent | 7051ba4501883955daa6bf8e442fef0c32aa5ea3 | |

inspector: harden IP address validation again

Use inet_pton() to parse IP addresses, which restricts IP addresses
to a small number of well-defined formats. In particular, octal and
hexadecimal number formats are not allowed, and neither are leading
zeros. Also explicitly reject 0.0.0.0/8 and ::/128 as non-routable.

Refs: https://hackerone.com/reports/1710652
CVE-ID: CVE-2022-43548
PR-URL: https://github.com/nodejs-private/node-private/pull/354
Reviewed-by: Michael Dawson <midawson@redhat.com>
Reviewed-by: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-by: Rich Trott <rtrott@gmail.com>

Diffstat (limited to 'vcbuild.bat')
0 files changed, 0 insertions, 0 deletions
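
The validation the commit message describes, written out as an added example that is not the Node.js patch itself: a strict check built on inet_pton() that also rejects 0.0.0.0/8 and ::. The function name `IsAcceptableIPLiteral` and the sample inputs are constructed for illustration.

```cpp
// Added example, not Node.js source. IsAcceptableIPLiteral is a hypothetical name.
#include <arpa/inet.h>
#include <netinet/in.h>
#include <cstdio>
#include <cstring>
#include <string>

// True only for a strictly formatted IPv4 or IPv6 literal that is neither in
// 0.0.0.0/8 nor the unspecified address ::.
bool IsAcceptableIPLiteral(const std::string& host) {
  // c_str() stops at the first NUL, so a string with an embedded NUL would be
  // validated as something shorter than what the caller holds.
  if (host.find('\0') != std::string::npos) return false;

  in_addr v4;
  if (inet_pton(AF_INET, host.c_str(), &v4) == 1) {
    // s_addr is in network byte order, so its first byte is the first octet.
    unsigned char first_octet;
    std::memcpy(&first_octet, &v4.s_addr, 1);
    return first_octet != 0;  // reject 0.0.0.0/8
  }

  in6_addr v6;
  if (inet_pton(AF_INET6, host.c_str(), &v6) == 1) {
    // in6addr_any is the all-zero address, i.e. ::/128.
    return std::memcmp(&v6, &in6addr_any, sizeof(v6)) != 0;
  }

  return false;  // not an IP literal in a format inet_pton() accepts
}

int main() {
  // Constructed sample inputs; only the first and the last two are accepted.
  const char* samples[] = {"127.0.0.1", "0177.0.0.1", "0x7f.0.0.1",
                           "127.0.0.01", "127.1", "0.0.0.0", "0.1.2.3",
                           "::", "::1", "2001:db8::1"};
  for (const char* s : samples)
    std::printf("%-12s %s\n", s, IsAcceptableIPLiteral(s) ? "accept" : "reject");
  return 0;
}
```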