From 94050d44e407fef03f81e0836ea51bfc6e04141e Mon Sep 17 00:00:00 2001
From: Cody Hanson <cody.hanson@flukenetworks.com>
Date: Thu, 30 May 2013 10:54:59 -0600
Subject: [PATCH] Added bounds checking for listening_ports. Needs to be a
 valid TCP port number, and not less than 1 or greater than 65535

---
 mongoose.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/mongoose.c b/mongoose.c
index 174c7bcbe..470e9a4db 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -4291,6 +4291,8 @@ static int parse_port_string(const struct vec *vec, struct socket *so) {
   } else if (sscanf(vec->ptr, "%d%n", &port, &len) != 1 ||
              len <= 0 ||
              len > (int) vec->len ||
+             port < 1 ||
+             port > 65535 ||
              (vec->ptr[len] && vec->ptr[len] != 's' &&
               vec->ptr[len] != 'r' && vec->ptr[len] != ',')) {
     return 0;
-- 
GitLab