Catch over-large port numbers early in http
authorNick Mathewson <nickm@torproject.org>
Tue, 18 Mar 2014 15:39:23 +0000 (11:39 -0400)
committerNick Mathewson <nickm@torproject.org>
Tue, 18 Mar 2014 15:39:23 +0000 (11:39 -0400)
Otherwise integer overflow potentially turns the port number into garbage.

http.c

diff --git a/http.c b/http.c
index 51470225e9bb53960e473c6f60e125d749ee41a0..093dd063f3e3714a68b46d173aeaefffa3663f0c 100644 (file)
--- a/http.c
+++ b/http.c
@@ -4289,6 +4289,8 @@ parse_port(const char *s, const char *eos)
                portnum = (portnum * 10) + (*s - '0');
                if (portnum < 0)
                        return -1;
+               if (portnum > 65535)
+                       return -1;
                ++s;
        }
        return portnum;
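Review bot: The `if (portnum < 0)` test kept just above the new bound check only ever caught overflow by relying on signed wrap-around, which is undefined behaviour in C, so a compiler was free to drop it. With the accumulator now capped at 65535 on every iteration, `portnum * 10 + 9` cannot exceed 655359, so the multiplication no longer overflows, provided portnum is an int and each character has already been checked to be a digit (the start of parse_port is outside the hunk, so this is inferred). I would fold the two tests into `if (portnum < 0 || portnum > 65535) return -1;` or drop the first. I would also add a comment such as `/* Reject inside the loop so portnum * 10 can never overflow int. */` so that nobody later moves the range check after the loop.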