From: msweet <msweet@a1ca3aef-8c08-0410-bb20-df032aa958be>
Date: Fri, 13 Nov 2015 20:01:52 +0000 (+0000)
Subject: Range check port numbers in URIs (<rdar://problem/23144461>)
X-Git-Tag: v2.2b1~152
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=044af446cd3000194adb9e52551098bdfb47bdc1;p=thirdparty%2Fcups.git

Range check port numbers in URIs (<rdar://problem/23144461>)


git-svn-id: svn+ssh://src.apple.com/svn/cups/cups.org/trunk@12969 a1ca3aef-8c08-0410-bb20-df032aa958be
---

diff --git a/CHANGES-2.1.txt b/CHANGES-2.1.txt
index 63211b5503..04b8bcc37e 100644
--- a/CHANGES-2.1.txt
+++ b/CHANGES-2.1.txt
@@ -12,7 +12,8 @@ CHANGES IN CUPS V2.1.1
 	  <rdar://problem/23134356>, <rdar://problem/23134415>,
 	  <rdar://problem/23134506>, <rdar://problem/23135066>,
 	  <rdar://problem/23135122>, <rdar://problem/23135207>,
-	  <rdar://problem/23144290>, <rdar://problem/23144358>)
+	  <rdar://problem/23144290>, <rdar://problem/23144358>,
+	  <rdar://problem/23144461>)
 	- The cupsGetPPD* functions did not work with IPP printers (STR #4725)
 	- Some older HP LaserJet printers need a delayed close when printing
 	  using the libusb-based USB backend (STR #4549)
diff --git a/cups/http-support.c b/cups/http-support.c
index aae75e12d7..b98468adb5 100644
--- a/cups/http-support.c
+++ b/cups/http-support.c
@@ -1233,6 +1233,12 @@ httpSeparateURI(
 
       *port = (int)strtol(uri + 1, (char **)&uri, 10);
 
+      if (*port <= 0 || *port > 65535)
+      {
+        *port = 0;
+        return (HTTP_URI_STATUS_BAD_PORT);
+      }
+
       if (*uri != '/' && *uri)
       {
         *port = 0;