Added bounds checking for listening_ports.

Needs to be a valid TCP port number, and not less than 1 or greater than 65535
2025-01-16 20:41:20 +08:00 · 2013-05-30 10:54:59 -06:00 · 2013-05-30 10:54:59 -06:00 · 94050d44e4
commit 94050d44e4
parent be01471968
1 changed files with 2 additions and 0 deletions
--- a/mongoose.c
+++ b/mongoose.c
@ -4291,6 +4291,8 @@ static int parse_port_string(const struct vec *vec, struct socket *so) {
  } else if (sscanf(vec->ptr, "%d%n", &port, &len) != 1 ||
             len <= 0 ||
             len > (int) vec->len ||
+             port < 1 ||
+             port > 65535 ||
             (vec->ptr[len] && vec->ptr[len] != 's' &&
              vec->ptr[len] != 'r' && vec->ptr[len] != ',')) {
    return 0;