closes vercel#55050, add reserved port validation

olingern · Sep 11, 2023 · 9a2ae95 · 9a2ae95
1 parent 92e1b3f
commit 9a2ae95
Show file tree

Hide file tree

Showing 3 changed files with 124 additions and 0 deletions.
diff --git a/packages/next/src/cli/next-start.ts b/packages/next/src/cli/next-start.ts
@@ -4,6 +4,11 @@ import { startServer } from '../server/lib/start-server'
 import { getPort, printAndExit } from '../server/lib/utils'
 import { getProjectDir } from '../lib/get-project-dir'
 import { CliCommand } from '../lib/commands'
+import {
+  getPortIsReserved,
+  getReservedPortExplanation,
+  ReservedPort,
+} from '../lib/helpers/get-reserved-port'
 
 const nextStart: CliCommand = async (args) => {
   if (args['--help']) {
@@ -31,6 +36,10 @@ const nextStart: CliCommand = async (args) => {
   const host = args['--hostname']
   const port = getPort(args)
 
+  if (getPortIsReserved(port)) {
+    printAndExit(getReservedPortExplanation(port as ReservedPort), 1)
+  }
+
   const isExperimentalTestProxy = args['--experimental-test-proxy']
 
   const keepAliveTimeoutArg: number | undefined = args['--keepAliveTimeout']

diff --git a/packages/next/src/lib/helpers/get-reserved-port.ts b/packages/next/src/lib/helpers/get-reserved-port.ts
@@ -0,0 +1,93 @@
+/** https://fetch.spec.whatwg.org/#port-blocking */
+export const KNOWN_RESERVED_PORTS = {
+  1: 'tcpmux',
+  7: 'echo',
+  9: 'discard',
+  11: 'systat',
+  13: 'daytime',
+  15: 'netstat',
+  17: 'qotd',
+  19: 'chargen',
+  20: 'ftp-data',
+  21: 'ftp',
+  22: 'ssh',
+  23: 'telnet',
+  25: 'smtp',
+  37: 'time',
+  42: 'name',
+  43: 'nicname',
+  53: 'domain',
+  69: 'tftp',
+  77: 'rje',
+  79: 'finger',
+  87: 'link',
+  95: 'supdup',
+  101: 'hostname',
+  102: 'iso-tsap',
+  103: 'gppitnp',
+  104: 'acr-nema',
+  109: 'pop2',
+  110: 'pop3',
+  111: 'sunrpc',
+  113: 'auth',
+  115: 'sftp',
+  117: 'uucp-path',
+  119: 'nntp',
+  123: 'ntp',
+  135: 'epmap',
+  137: 'netbios-ns',
+  139: 'netbios-ssn',
+  143: 'imap',
+  161: 'snmp',
+  179: 'bgp',
+  389: 'ldap',
+  427: 'svrloc',
+  465: 'submissions',
+  512: 'exec',
+  513: 'login',
+  514: 'shell',
+  515: 'printer',
+  526: 'tempo',
+  530: 'courier',
+  531: 'chat',
+  532: 'netnews',
+  540: 'uucp',
+  548: 'afp',
+  554: 'rtsp',
+  556: 'remotefs',
+  563: 'nntps',
+  587: 'submission',
+  601: 'syslog-conn',
+  636: 'ldaps',
+  989: 'ftps-data',
+  990: 'ftps',
+  993: 'imaps',
+  995: 'pop3s',
+  1719: 'h323gatestat',
+  1720: 'h323hostcall',
+  1723: 'pptp',
+  2049: 'nfs',
+  3659: 'apple-sasl',
+  4045: 'npp',
+  5060: 'sip',
+  5061: 'sips',
+  6000: 'x11',
+  6566: 'sane-port',
+  6665: 'ircu',
+  6666: 'ircu',
+  6667: 'ircu',
+  6668: 'ircu',
+  6669: 'ircu',
+  6697: 'ircs-u',
+  10080: 'amanda',
+}
+
+export type ReservedPort = keyof typeof KNOWN_RESERVED_PORTS
+
+export function getPortIsReserved(port: number): boolean {
+  return port in KNOWN_RESERVED_PORTS
+}
+
+export function getReservedPortExplanation(port: ReservedPort): string {
+  return `Bad port: '${port}' is reserved for ${KNOWN_RESERVED_PORTS[port]}`
+}
diff --git a/test/integration/cli/test/index.test.js b/test/integration/cli/test/index.test.js
@@ -208,6 +208,28 @@ describe('CLI Usage', () => {
         'Invalid keep alive timeout provided, expected a non negative number'
       )
     })
+
+    test('should not start on a port out of range', async () => {
+      const invalidPort = '300001'
+      const { stderr } = await runNextCommand(['start', '--port', '300001'], {
+        stderr: true,
+      })
+
+      expect(stderr).toContain(
+        `options.port should be >= 0 and < 65536. Received type number (${invalidPort}).`
+      )
+    })
+
+    test('should not start on a reserved port', async () => {
+      const reservedPort = '4045'
+      const { stderr } = await runNextCommand(['start', '--port', '4045'], {
+        stderr: true,
+      })
+      console.log(stderr)
+      expect(stderr).toContain(
+        `Bad port: '${reservedPort}' is reserved for npp`
+      )
+    })
   })
 
   describe('no command', () => {