fix: "invalid ip address" "daemon can be crashed by remote user"

Per the nodeJS documentation, a Net socket.remoteAddress value may be undefined if the socket is destroyed, as by a client disconnect. A multiaddr cannot be created for an invalid IP address (such as the undefined remote address of a destroyed socket). Currently the attempt results in a crash that can be triggered remotely. This commit terminates processing of a destroyed socket before multiaddr causes the crash. fixes: libp2p#93 fixes: ipfs/js-ipfs#1447
TomCoded · Jul 23, 2018 · b458077 · b458077
1 parent d39ec2d
commit b458077
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/src/listener.js b/src/listener.js
@@ -24,6 +24,12 @@ module.exports = (handler) => {
     // Avoid uncaught errors cause by unstable connections
     socket.on('error', noop)
 
+    if (socket.remoteAddress === undefined ||
+      socket.remotePort === undefined) {
+      log('connection closed before p2p connection made')
+      return
+    }
+
     const addr = getMultiaddr(socket)
     log('new connection', addr.toString())