From: Justin Erenkrantz Date: Mon, 18 Nov 2002 19:24:23 +0000 (+0000) Subject: We shouldn't be assigning the output of strtol to an unsigned short. So, X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f184ee2093bb8dc27224e3d436609b9fc769cbd3;p=thirdparty%2Fapache%2Fhttpd.git We shouldn't be assigning the output of strtol to an unsigned short. So, we'll change port to be a long and then do the correct range checking and downcasting. Suggested by: Roy Fielding git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@97564 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/main/http_core.c b/src/main/http_core.c index cbd523b12af..1e2a9e75e3b 100644 --- a/src/main/http_core.c +++ b/src/main/http_core.c @@ -2597,7 +2597,7 @@ static const char *set_listener(cmd_parms *cmd, void *dummy, char *ips) { listen_rec *new; char *ports, *endptr; - unsigned short port; + long port; const char *err = ap_check_cmd_context(cmd, GLOBAL_ONLY); if (err != NULL) { @@ -2627,10 +2627,10 @@ static const char *set_listener(cmd_parms *cmd, void *dummy, char *ips) new->local_addr.sin_addr.s_addr = ap_get_virthost_addr(ips, NULL); } port = ap_strtol(ports, &endptr, 10); - if (errno || (endptr && *endptr) || !port) { - return "Missing or non-numeric port"; + if (errno || (endptr && *endptr) || port < 1 || port > 65535) { + return "Missing, invalid, or non-numeric port"; } - new->local_addr.sin_port = htons(port); + new->local_addr.sin_port = htons((unsigned short)port); new->fd = -1; new->used = 0; new->next = ap_listeners;