Permalink
Browse files

Verify range of port numbers before using them

Fixes #1035
  • Loading branch information...
1 parent 68acd5b commit e7b91c0ad49132cffd449f7926027ee2c1e5524e @KristianLyng KristianLyng committed with Tollef Fog Heen May 9, 2012
Showing with 14 additions and 1 deletion.
  1. +8 −0 bin/varnishtest/tests/r01035.vtc
  2. +6 −1 lib/libvarnish/vss.c
@@ -0,0 +1,8 @@
+varnishtest "Test case for #1035"
+
+varnish v1 -arg "-a 127.0.0.1:80 -b localhost:8080"
+varnish v1 -cliok "param.set listen_address 127.0.0.1:80"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:65540"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:65536"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:-1"
+varnish v1 -cliok "param.set listen_address 127.0.0.1:65535"
View
@@ -134,6 +134,7 @@ VSS_resolve(const char *addr, const char *port, struct vss_addr ***vap)
struct addrinfo hints, *res0, *res;
struct vss_addr **va;
int i, ret;
+ long int ptst;
char *adp, *hop;
*vap = NULL;
@@ -147,8 +148,12 @@ VSS_resolve(const char *addr, const char *port, struct vss_addr ***vap)
if (adp == NULL)
ret = getaddrinfo(addr, port, &hints, &res0);
- else
+ else {
+ ptst = strtol(adp,NULL,10);
+ if (ptst < 0 || ptst > 65535)
+ return(0);
ret = getaddrinfo(hop, adp, &hints, &res0);
+ }
free(hop);
free(adp);

0 comments on commit e7b91c0

Please sign in to comment.