(apisix) branch master updated: fix(schema): the port value greater than 65535 should not be allowed (#11043)

Thu, 21 Mar 2024 04:15:19 -0700 

This is an automated email from the ASF dual-hosted git repository.

shreemaanabhishek pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git


The following commit(s) were added to refs/heads/master by this push:
     new c0e3d9150 fix(schema): the port value greater than 65535 should not be 
allowed (#11043)
c0e3d9150 is described below

commit c0e3d9150f06c3140a52d145782085d26bc1ea67
Author: 徐瑞东 <[email protected]>
AuthorDate: Thu Mar 21 19:15:07 2024 +0800

    fix(schema): the port value greater than 65535 should not be allowed 
(#11043)
---
 apisix/schema_def.lua |   4 ++
 apisix/upstream.lua   |  12 ++++++
 t/node/invalid-port.t | 105 ++++++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 121 insertions(+)

diff --git a/apisix/schema_def.lua b/apisix/schema_def.lua
index fa6852a94..f32074448 100644
--- a/apisix/schema_def.lua
+++ b/apisix/schema_def.lua
@@ -309,6 +309,7 @@ local nodes_schema = {
                         description = "port of node",
                         type = "integer",
                         minimum = 1,
+                        maximum = 65535
                     },
                     weight = {
                         description = "weight of node",
@@ -342,6 +343,7 @@ _M.discovery_nodes = {
                 description = "port of node",
                 type = "integer",
                 minimum = 1,
+                maximum = 65535
             },
             weight = {
                 description = "weight of node",
@@ -901,6 +903,8 @@ _M.stream_route = {
         server_port = {
             description = "server port",
             type = "integer",
+            minimum = 1,
+            maximum = 65535
         },
         sni = {
             description = "server name indication",
diff --git a/apisix/upstream.lua b/apisix/upstream.lua
index 603c66589..eb5e467da 100644
--- a/apisix/upstream.lua
+++ b/apisix/upstream.lua
@@ -451,6 +451,18 @@ local function check_upstream_conf(in_dp, conf)
             return false, "invalid configuration: " .. err
         end
 
+        if conf.nodes and not core.table.isarray(conf.nodes) then
+            local port
+            for addr,_ in pairs(conf.nodes) do
+                _, port = core.utils.parse_addr(addr)
+                if port then
+                    if port < 1 or port > 65535 then
+                        return false, "invalid port " .. tostring(port)
+                    end
+                end
+            end
+        end
+
         local ssl_id = conf.tls and conf.tls.client_cert_id
         if ssl_id then
             local key = "/ssls/" .. ssl_id
diff --git a/t/node/invalid-port.t b/t/node/invalid-port.t
new file mode 100755
index 000000000..a058769e9
--- /dev/null
+++ b/t/node/invalid-port.t
@@ -0,0 +1,105 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+use t::APISIX 'no_plan';
+
+no_root_location();
+
+run_tests();
+
+__DATA__
+
+=== TEST 1: set upstream with a invalid node port
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/upstreams/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                     "nodes": [{
+                        "port": 65536,
+                        "host": "127.0.0.1",
+                        "weight": 1
+                    }],
+                    "type": "roundrobin"
+                }]]
+                )
+
+            ngx.status = code
+
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like
+{"error_msg":"invalid configuration: property \\\"nodes\\\" validation failed: 
object matches none of the required"}
+
+
+
+=== TEST 2: set upstream with a node port greater than 65535
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/upstreams/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                     "nodes": {
+                        "127.0.0.1:65536": 1
+                     }
+                }]]
+                )
+
+            ngx.status = code
+
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like
+{"error_msg":"invalid port 65536"}
+
+
+
+=== TEST 3: set upstream with a node port less than 1
+--- config
+    location /t {
+        content_by_lua_block {
+            local t = require("lib.test_admin").test
+            local code, body = t('/apisix/admin/upstreams/1',
+                 ngx.HTTP_PUT,
+                 [[{
+                     "nodes": {
+                     "127.0.0.1:0": 1
+                     }
+                }]]
+                )
+
+            ngx.status = code
+
+            ngx.say(body)
+        }
+    }
+--- request
+GET /t
+--- error_code: 400
+--- response_body_like
+{"error_msg":"invalid port 0"}

Reply via email to