Add validation to prevent invalid ports, closes #1034

2018-03-10 13:10:40 -06:00 · 2018-03-10 13:10:40 -06:00 · 40c74ae1e7
commit 40c74ae1e7
parent bc3cb7bfd5
10 changed files with 205 additions and 152 deletions
--- a/app/Services/Allocations/AssignmentService.php
+++ b/app/Services/Allocations/AssignmentService.php
@ -1,26 +1,24 @@
 <?php
-/**
- * Pterodactyl - Panel
- * Copyright (c) 2015 - 2017 Dane Everitt <dane@daneeveritt.com>.
- *
- * This software is licensed under the terms of the MIT license.
- * https://opensource.org/licenses/MIT
- */

 namespace Pterodactyl\Services\Allocations;

 use IPTools\Network;
 use Pterodactyl\Models\Node;
 use Illuminate\Database\ConnectionInterface;
-use Pterodactyl\Exceptions\DisplayException;
 use Pterodactyl\Contracts\Repository\AllocationRepositoryInterface;
+use Pterodactyl\Exceptions\Service\Allocation\CidrOutOfRangeException;
+use Pterodactyl\Exceptions\Service\Allocation\PortOutOfRangeException;
+use Pterodactyl\Exceptions\Service\Allocation\InvalidPortMappingException;
+use Pterodactyl\Exceptions\Service\Allocation\TooManyPortsInRangeException;

 class AssignmentService
 {
    const CIDR_MAX_BITS = 27;
    const CIDR_MIN_BITS = 32;
+    const PORT_FLOOR = 1024;
+    const PORT_CEIL = 65535;
    const PORT_RANGE_LIMIT = 1000;
-    const PORT_RANGE_REGEX = '/^(\d{1,5})-(\d{1,5})$/';
+    const PORT_RANGE_REGEX = '/^(\d{4,5})-(\d{4,5})$/';

    /**
     * @var \Illuminate\Database\ConnectionInterface
@ -38,10 +36,8 @@ class AssignmentService
     * @param \Pterodactyl\Contracts\Repository\AllocationRepositoryInterface $repository
     * @param \Illuminate\Database\ConnectionInterface                        $connection
     */
-    public function __construct(
-        AllocationRepositoryInterface $repository,
-        ConnectionInterface $connection
-    ) {
+    public function __construct(AllocationRepositoryInterface $repository, ConnectionInterface $connection)
+    {
        $this->connection = $connection;
        $this->repository = $repository;
    }
@ -49,21 +45,20 @@ class AssignmentService
    /**
     * Insert allocations into the database and link them to a specific node.
     *
-     * @param int|\Pterodactyl\Models\Node $node
-     * @param array                        $data
+     * @param \Pterodactyl\Models\Node $node
+     * @param array                    $data
     *
-     * @throws \Pterodactyl\Exceptions\DisplayException
+     * @throws \Pterodactyl\Exceptions\Service\Allocation\CidrOutOfRangeException
+     * @throws \Pterodactyl\Exceptions\Service\Allocation\PortOutOfRangeException
+     * @throws \Pterodactyl\Exceptions\Service\Allocation\InvalidPortMappingException
+     * @throws \Pterodactyl\Exceptions\Service\Allocation\TooManyPortsInRangeException
     */
-    public function handle($node, array $data)
+    public function handle(Node $node, array $data)
    {
-        if ($node instanceof Node) {
-            $node = $node->id;
-        }
-
        $explode = explode('/', $data['allocation_ip']);
        if (count($explode) !== 1) {
            if (! ctype_digit($explode[1]) || ($explode[1] > self::CIDR_MIN_BITS || $explode[1] < self::CIDR_MAX_BITS)) {
-                throw new DisplayException(trans('exceptions.allocations.cidr_out_of_range'));
+                throw new CidrOutOfRangeException;
            }
        }

@ -71,7 +66,7 @@ class AssignmentService
        foreach (Network::parse(gethostbyname($data['allocation_ip'])) as $ip) {
            foreach ($data['allocation_ports'] as $port) {
                if (! is_digit($port) && ! preg_match(self::PORT_RANGE_REGEX, $port)) {
-                    throw new DisplayException(trans('exceptions.allocations.invalid_mapping', ['port' => $port]));
+                    throw new InvalidPortMappingException($port);
                }

                $insertData = [];
@ -79,12 +74,16 @@ class AssignmentService
                    $block = range($matches[1], $matches[2]);

                    if (count($block) > self::PORT_RANGE_LIMIT) {
-                        throw new DisplayException(trans('exceptions.allocations.too_many_ports'));
+                        throw new TooManyPortsInRangeException;
+                    }
+
+                    if ((int) $matches[1] <= self::PORT_FLOOR || (int) $matches[2] > self::PORT_CEIL) {
+                        throw new PortOutOfRangeException;
                    }

                    foreach ($block as $unit) {
                        $insertData[] = [
-                            'node_id' => $node,
+                            'node_id' => $node->id,
                            'ip' => $ip->__toString(),
                            'port' => (int) $unit,
                            'ip_alias' => array_get($data, 'allocation_alias'),
@ -92,8 +91,12 @@ class AssignmentService
                        ];
                    }
                } else {
+                    if ((int) $port <= self::PORT_FLOOR || (int) $port > self::PORT_CEIL) {
+                        throw new PortOutOfRangeException;
+                    }
+
                    $insertData[] = [
-                        'node_id' => $node,
+                        'node_id' => $node->id,
                        'ip' => $ip->__toString(),
                        'port' => (int) $port,
                        'ip_alias' => array_get($data, 'allocation_alias'),