Verify range of port numbers before using them

Fixes #1035

Verify range of port numbers before using them
Fixes #1035
e7b91c0a · Kristian Lyngstol · Tollef Fog Heen · 68acd5b9 · e7b91c0a · e7b91c0a
Commit e7b91c0a authored May 09, 2012 by Kristian Lyngstol Committed by Tollef Fog Heen May 24, 2012
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 1 deletion

r01035.vtc bin/varnishtest/tests/r01035.vtc +8 -0

vss.c lib/libvarnish/vss.c +6 -1

No files found.
--- a/bin/varnishtest/tests/r01035.vtc
+++ b/bin/varnishtest/tests/r01035.vtc
+varnishtest "Test case for #1035"
+
+varnish v1 -arg "-a 127.0.0.1:80 -b localhost:8080"
+varnish v1 -cliok "param.set listen_address 127.0.0.1:80"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:65540"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:65536"
+varnish v1 -clierr 106 "param.set listen_address 127.0.0.1:-1"
+varnish v1 -cliok "param.set listen_address 127.0.0.1:65535"
--- a/lib/libvarnish/vss.c
+++ b/lib/libvarnish/vss.c
@@ -134,6 +134,7 @@ VSS_resolve(const char *addr, const char *port, struct vss_addr ***vap)
 	struct addrinfo hints, *res0, *res;
 	struct vss_addr **va;
 	int i, ret;
+	long int ptst;
 	char *adp, *hop;

 	*vap = NULL;
@@ -147,8 +148,12 @@ VSS_resolve(const char *addr, const char *port, struct vss_addr ***vap)

 	if (adp == NULL)
 		ret = getaddrinfo(addr, port, &hints, &res0);
-	else
+	else {
+		ptst = strtol(adp,NULL,10);
+		if (ptst < 0 || ptst > 65535)
+			return(0);
 		ret = getaddrinfo(hop, adp, &hints, &res0);
+	}

 	free(hop);
 	free(adp);