From 126e1dc0f41248c93b9aea46624a55de6b49a5ef Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 14 Jul 2013 00:19:45 +1200
Subject: [PATCH] Better handling of strange port values in Host:

We can do better than just producing errors about invalid port details and treatign it as port-0. We can instead undo the port separation and pass it through as part of the host name to be verified with the default port number properly assumed.
---
 src/client_side_request.cc | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index 092aa39fe7..7045cfbc7d 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -633,8 +633,16 @@ ClientRequestContext::hostHeaderVerify()
 uint16_t port = 0;
 if (portStr) {
 *portStr = '\0'; // strip the ':'
- if (*(++portStr) != '\0')
- port = xatoi(portStr);
+ if (*(++portStr) != '\0') {
+ char *end = NULL;
+ int64_t ret = strtoll(portStr, &end, 10);
+ if (end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {
+ // invalid port details. Replace the ':'
+ *(--portStr) = ':';
+ portStr = NULL;
+ } else
+ port = (ret & 0xFFFF);
+ }
 }
 debugs(85, 3, HERE << "validate host=" << host << ", port=" << port << ", portStr=" << (portStr?portStr:"NULL"));
--
2.47.3
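Review bot: The added `strtoll` check still accepts port strings that are not plain digits, because `strtoll` skips leading whitespace and takes an optional sign; a Host value ending in `:+80` (or `: 80`, if whitespace can reach this point) is therefore verified as port 80 instead of being treated as invalid. In a function that validates the Host header, that leniency leaves room for this parser and a downstream one to read the same header differently. Requiring the first character to be a digit closes it: `if (*portStr < '0' || *portStr > '9' || end == portStr || *end != '\0' || ret < 1 || ret > 0xFFFF) {`. The body of `hostHeaderVerify()` starts and ends outside this hunk, so how `portStr` was located and how the restored `host:port` string is checked afterwards cannot be confirmed from here.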