From 63523c28870a5fd0db1fb7b986d77de42339bbb8 Mon Sep 17 00:00:00 2001 From: Szymon Marczak <36894700+szmarczak@users.noreply.github.com> Date: Wed, 27 Jul 2022 22:16:12 +0200 Subject: [PATCH] fix: handle invalid CONNECT path --- package.json | 2 +- src/server.ts | 6 +++++- test/server.js | 18 ++++++++++++++++++ 3 files changed, 24 insertions(+), 2 deletions(-) diff --git a/package.json b/package.json index 26369a76..d7e3c8de 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "proxy-chain", - "version": "2.0.4", + "version": "2.0.5", "description": "Node.js implementation of a proxy server (think Squid) with support for SSL, authentication, upstream proxy chaining, and protocol tunneling.", "main": "dist/index.js", "keywords": [ diff --git a/src/server.ts b/src/server.ts index a1384de7..f277c84a 100644 --- a/src/server.ts +++ b/src/server.ts @@ -306,7 +306,11 @@ export class Server extends EventEmitter { if (request.method === 'CONNECT') { // CONNECT server.example.com:80 HTTP/1.1 - handlerOpts.trgParsed = new URL(`connect://${request.url}`); + try { + handlerOpts.trgParsed = new URL(`connect://${request.url}`); + } catch { + throw new RequestError(`Target "${request.url}" could not be parsed`, 400); + } if (!handlerOpts.trgParsed.hostname || !handlerOpts.trgParsed.port) { throw new RequestError(`Target "${request.url}" could not be parsed`, 400); diff --git a/test/server.js b/test/server.js index e04d2161..6e3199f7 100644 --- a/test/server.js +++ b/test/server.js @@ -915,6 +915,24 @@ const createTestSuite = ({ }); } + it('handles invalid CONNECT path', (done) => { + const req = http.request(mainProxyUrl, { + method: 'CONNECT', + path: ':443', + headers: { + host: ':443', + }, + }); + req.once('connect', (response, socket, head) => { + expect(response.statusCode).to.equal(400); + + socket.destroy(); + done(); + }); + + req.end(); + }); + _it('returns 404 for non-existent hostname', () => { const opts = getRequestOpts(`http://${NON_EXISTENT_HOSTNAME}`); return requestPromised(opts)