From: Ondřej Surý Date: Wed, 11 Mar 2026 12:18:01 +0000 (+0100) Subject: Fix port validation rejecting valid port 65535 X-Git-Tag: v9.21.21~44^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=66ce33603b6b2ebd1dd651c8f12fa0675b913a07;p=thirdparty%2Fbind9.git Fix port validation rejecting valid port 65535 A few port validation checks use >= UINT16_MAX instead of > UINT16_MAX, incorrectly rejecting port 65535 as out of range. Port 65535 is a valid TCP/UDP port number. Other port checks in the same file already use the correct > comparison. --- diff --git a/bin/named/config.c b/bin/named/config.c index 7c74b527393..a4753671091 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -654,7 +654,7 @@ named_config_getport(const cfg_obj_t *config, const char *type, result = named_config_get(maps, type, &portobj); INSIST(result == ISC_R_SUCCESS); - if (cfg_obj_asuint32(portobj) >= UINT16_MAX) { + if (cfg_obj_asuint32(portobj) > UINT16_MAX) { cfg_obj_log(portobj, ISC_LOG_ERROR, "port '%u' out of range", cfg_obj_asuint32(portobj)); return ISC_R_RANGE; diff --git a/bin/named/server.c b/bin/named/server.c index 25eb888e7ad..fa51bd260f5 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -10556,7 +10556,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, } } } else { - if (cfg_obj_asuint32(portobj) >= UINT16_MAX) { + if (cfg_obj_asuint32(portobj) > UINT16_MAX) { return ISC_R_RANGE; } port = (in_port_t)cfg_obj_asuint32(portobj); diff --git a/lib/isccfg/check.c b/lib/isccfg/check.c index 87c9fa7547c..6596b506371 100644 --- a/lib/isccfg/check.c +++ b/lib/isccfg/check.c @@ -487,7 +487,7 @@ checkacl(const char *aclname, cfg_aclconfctx_t *aclctx, cfg_tuple_get(aclobj, "port-transport"), "transport"); if (cfg_obj_isuint32(obj_port) && - cfg_obj_asuint32(obj_port) >= UINT16_MAX) + cfg_obj_asuint32(obj_port) > UINT16_MAX) { cfg_obj_log(obj_port, ISC_LOG_ERROR, "port value '%u' is out of range", @@ -1067,8 +1067,7 @@ check_listener(const cfg_obj_t *listener, const cfg_obj_t *config, } portobj = cfg_tuple_get(ltup, "port"); - if (cfg_obj_isuint32(portobj) && - cfg_obj_asuint32(portobj) >= UINT16_MAX) + if (cfg_obj_isuint32(portobj) && cfg_obj_asuint32(portobj) > UINT16_MAX) { cfg_obj_log(portobj, ISC_LOG_ERROR, "port value '%u' is out of range", @@ -1166,7 +1165,7 @@ check_port(const cfg_obj_t *options, const char *type, in_port_t *portp) { return ISC_R_SUCCESS; } - if (cfg_obj_asuint32(portobj) >= UINT16_MAX) { + if (cfg_obj_asuint32(portobj) > UINT16_MAX) { cfg_obj_log(portobj, ISC_LOG_ERROR, "port '%u' out of range", cfg_obj_asuint32(portobj)); return ISC_R_RANGE;