dovecot-2.2: lib: uri-util - harden uri_parse_port against overflow

[dovecot at dovecot.org]

details:   http://hg.dovecot.org/dovecot-2.2/rev/659ea72a82aa
changeset: 17559:659ea72a82aa
user:      Phil Carmody <phil at dovecot.fi>
date:      Wed Jul 02 18:21:24 2014 +0300
description:
lib: uri-util - harden uri_parse_port against overflow
The invalid input 72817 (2^16*10/9) is parsed as a valid value.
7281 * 10 + 7 = 72817 == 7281 (mod 2^16), so the prev check fails.

Signed-off-by: Phil Carmody <phil at dovecot.fi>

diffstat:

 src/lib/uri-util.c |  8 +++-----
 1 files changed, 3 insertions(+), 5 deletions(-)

diffs (25 lines):

diff -r f21e0f0e42a3 -r 659ea72a82aa src/lib/uri-util.c
--- a/src/lib/uri-util.c	Wed Jul 02 18:21:24 2014 +0300
+++ b/src/lib/uri-util.c	Wed Jul 02 18:21:24 2014 +0300
@@ -479,7 +479,7 @@
 
 static int uri_parse_port(struct uri_parser *parser, struct uri_authority *auth)
 {
-	in_port_t port = 0;
+	unsigned long port = 0;
 	int count = 0;
 
 	/* RFC 3986:
@@ -488,10 +488,8 @@
 	 */
 
 	while (parser->cur < parser->end && i_isdigit(*parser->cur)) {
-		in_port_t prev = port;
-
-		port = port * 10 + (in_port_t)(parser->cur[0] - '0');
-		if (port < prev) {
+		port = port * 10 + (parser->cur[0] - '0');
+		if (port > (in_port_t)-1) {
 			parser->error = "Port number is too high";
 			return -1;
 		}