From 203eea0426044167eac894503c1d9f592e11e1fd Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 27 Dec 2024 13:21:28 +0000 Subject: [PATCH 1/2] ext/sockets: socket_create_listen() check port value beforehand. port is a 16 bit field, limited to the 65535 value then. Note that 0 is a valid case for ephemeral port. --- ext/sockets/sockets.c | 5 ++++ .../socket_create_listen_invalid_port.phpt | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 ext/sockets/tests/socket_create_listen_invalid_port.phpt diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index 7da3eceea1f80..d9dfc6f261156 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -680,6 +680,11 @@ PHP_FUNCTION(socket_create_listen) Z_PARAM_LONG(backlog) ZEND_PARSE_PARAMETERS_END(); + if (port < 0 || port > USHRT_MAX) { + zend_argument_value_error(1, "must be between 0 and %u", USHRT_MAX); + RETURN_THROWS(); + } + object_init_ex(return_value, socket_ce); php_sock = Z_SOCKET_P(return_value); diff --git a/ext/sockets/tests/socket_create_listen_invalid_port.phpt b/ext/sockets/tests/socket_create_listen_invalid_port.phpt new file mode 100644 index 0000000000000..35182139ee6fe --- /dev/null +++ b/ext/sockets/tests/socket_create_listen_invalid_port.phpt @@ -0,0 +1,24 @@ +--TEST-- +socket_create_listen() using invalid ports +--EXTENSIONS-- +sockets +--FILE-- +getMessage() . PHP_EOL; +} +try { + socket_create_listen(65536); +} catch (\ValueError $e) { + echo $e->getMessage() . PHP_EOL; +} +?> +--EXPECT-- +object(Socket)#1 (0) { +} +socket_create_listen(): Argument #1 ($port) must be between 0 and 65535 +socket_create_listen(): Argument #1 ($port) must be between 0 and 65535 From 4165f1b8abf4a50607b87aa1ef9e2cd8fb68b11d Mon Sep 17 00:00:00 2001 From: David Carlier Date: Fri, 27 Dec 2024 13:28:42 +0000 Subject: [PATCH 2/2] changes the implicit port type cast truncation --- ext/sockets/sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
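Review bot: `backlog` still reaches `php_open_listen_sock()` unchecked in the `@@ -680` hunk of `ext/sockets/sockets.c`. It is parsed with `Z_PARAM_LONG(backlog)` just above the new port check, while the helper's signature shown in patch 2/2 takes `int backlog`. On builds where `zend_long` is wider than `int`, an out-of-range value is therefore narrowed implicitly, the same class of truncation this series removes for `port`. A matching guard beside the port one, `if (backlog < INT_MIN || backlog > INT_MAX)` followed by the same `zend_argument_value_error(2, ...)` / `RETURN_THROWS()` pattern, would close it; whether negative values should also be rejected depends on how `listen()` treats them, which the hunk does not show. The declaration of `backlog` and the rest of the function body are outside the hunk, so its type is inferred from the parse macro.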
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c index d9dfc6f261156..9681739066952 100644 --- a/ext/sockets/sockets.c +++ b/ext/sockets/sockets.c @@ -217,7 +217,7 @@ zend_module_entry sockets_module_entry = { ZEND_GET_MODULE(sockets) #endif -static bool php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ */ +static bool php_open_listen_sock(php_socket *sock, unsigned short port, int backlog) /* {{{ */ { struct sockaddr_in la = {0}; struct hostent *hp; @@ -232,7 +232,7 @@ static bool php_open_listen_sock(php_socket *sock, int port, int backlog) /* {{{ memcpy((char *) &la.sin_addr, hp->h_addr, hp->h_length); la.sin_family = hp->h_addrtype; - la.sin_port = htons((unsigned short) port); + la.sin_port = htons(port); sock->bsd_socket = socket(PF_INET, SOCK_STREAM, 0); sock->blocking = 1; @@ -688,7 +688,7 @@ PHP_FUNCTION(socket_create_listen) object_init_ex(return_value, socket_ce); php_sock = Z_SOCKET_P(return_value); - if (!php_open_listen_sock(php_sock, port, backlog)) { + if (!php_open_listen_sock(php_sock, (unsigned short)port, backlog)) { zval_ptr_dtor(return_value); RETURN_FALSE; }
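Review bot: The explicit `(unsigned short)port` cast in the `@@ -688` hunk is lossless only because of the range check added by patch 1/2 just above it. Nothing in the new `php_open_listen_sock(php_socket *sock, unsigned short port, int backlog)` signature (`@@ -217` hunk) records that precondition. If the check is later moved, or another caller is added, an out-of-range value would silently wrap to a different port, and because the cast is explicit no conversion warning would flag it. I would add a call-site comment such as `/* port was range-checked against [0, USHRT_MAX] above, so this cast cannot truncate */`, or a `ZEND_ASSERT(port >= 0 && port <= USHRT_MAX);` before the call. Both function bodies continue outside the hunks.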
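Review bot: In the `@@ -232` hunk, the context line `memcpy((char *) &la.sin_addr, hp->h_addr, hp->h_length);` takes its copy length from the resolver result rather than from the destination, and it sits directly above the changed `htons(port)` line. This is not introduced by the commit, and how `hp` is obtained is outside the hunk, so an IPv4-only result may already be guaranteed. If it is not, a longer `h_length` would write past `la.sin_addr`. A defensive form is to return failure when `hp->h_length != sizeof(la.sin_addr)` before the copy, or to copy `sizeof(la.sin_addr)` bytes.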