From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 14 Dec 2022 22:16:16 +0000 (+0100)
Subject: altsvc: fix rejection of negative port numbers
X-Git-Tag: curl-7_87_0~21
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b740f152a8582861de737562d92d81c5e8a3c710;p=thirdparty%2Fcurl.git

altsvc: fix rejection of negative port numbers

Follow-up to ac612dfeee95

strtoul() accepts a leading minus so better make sure there is none

Extended test 356 somewhat to use a huge negative 64 bit number that
otherwise becomes a low positive number.

Closes #10095
---

diff --git a/lib/altsvc.c b/lib/altsvc.c
index 7bca840151..ec18e381c8 100644
--- a/lib/altsvc.c
+++ b/lib/altsvc.c
@@ -517,15 +517,21 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
           dsthost = srchost;
         }
         if(*p == ':') {
-          /* a port number */
-          unsigned long port = strtoul(++p, &end_ptr, 10);
-          if(port > USHRT_MAX || end_ptr == p || *end_ptr != '\"') {
+          unsigned long port = 0;
+          p++;
+          if(ISDIGIT(*p))
+            /* a port number */
+            port = strtoul(p, &end_ptr, 10);
+          else
+            end_ptr = (char *)p; /* not left uninitialized */
+          if(!port || port > USHRT_MAX || end_ptr == p || *end_ptr != '\"') {
             infof(data, "Unknown alt-svc port number, ignoring.");
             valid = FALSE;
           }
-          else
+          else {
             dstport = curlx_ultous(port);
-          p = end_ptr;
+            p = end_ptr;
+          }
         }
         if(*p++ != '\"')
           break;
diff --git a/tests/data/test356 b/tests/data/test356
index 9f6459487c..b1dd349884 100644
--- a/tests/data/test356
+++ b/tests/data/test356
@@ -17,6 +17,7 @@ Connection: close
 Content-Type: text/html
 Funny-head: yesyes
 Alt-Svc: h1="nowhere.foo:-1"
+Alt-Svc: h1="nowhere.foo:-18446744073709551614"
 Alt-Svc: h1="nowhere.foo:81", un-kno22!wn=":82"
 Alt-Svc: h1="nowhere.foo:70000"