Range check port numbers in URIs (<rdar://problem/23144461>)

git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12969 a1ca3aef-8c08-0410-bb20-df032aa958be

diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt
index 63211b5503ab53531e2a3f32d38e8d27d2934918..04b8bcc37e8348a0cfe61ba1d23391ec11d7688e 100644 (file)
--- a/CHANGES-2.1.txt
+++ b/CHANGES-2.1.txt
@@ -12,7 +12,8 @@ CHANGES IN CUPS V2.1.1
          <rdar://problem/23134356>, <rdar://problem/23134415>,
          <rdar://problem/23134506>, <rdar://problem/23135066>,
          <rdar://problem/23135122>, <rdar://problem/23135207>,
-         <rdar://problem/23144290>, <rdar://problem/23144358>)
+         <rdar://problem/23144290>, <rdar://problem/23144358>,
+         <rdar://problem/23144461>)
        - The cupsGetPPD* functions did not work with IPP printers (STR #4725)
        - Some older HP LaserJet printers need a delayed close when printing
          using the libusb-based USB backend (STR #4549)

diff --git a/cups/http-support.c b/cups/http-support.c
index aae75e12d761ab44cb11c4ab88fd0c70b8f9c325..b98468adb51e62a767f2ed0ec56dbd937be5ba07 100644 (file)
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1233,6 +1233,12 @@ httpSeparateURI(
 
       *port = (int)strtol(uri + 1, (char **)&uri, 10);
 
+      if (*port <= 0 || *port > 65535)
+      {
+        *port = 0;
+        return (HTTP_URI_STATUS_BAD_PORT);
+      }
+
       if (*uri != '/' && *uri)
       {
         *port = 0;