URL parser: reject non-numerical port numbers

Test 1281 added to verify
author: Daniel Stenberg <daniel@haxx.se> 2016-12-01 10:32:13 +0100
committer: Daniel Stenberg <daniel@haxx.se> 2016-12-01 10:36:37 +0100
commit: aab33215afb71c52404419bfa0783620a0b5cb75 (patch)
tree: d321b28df15fe6904b6f9fa119917ee24ce8487b /lib
parent: 42253ad943d21310e75829c8e7998b9d57115c06 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/lib/url.c b/lib/url.c
index dd3f62d9c..48016e2ba 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -5453,11 +5453,16 @@ static CURLcode parse_remote_port(struct Curl_easy *data,
       *portptr = '\0'; /* cut off the name there */
       conn->remote_port = curlx_ultous(port);
     }
-    else
+    else {
+      if(rest[0]) {
+        failf(data, "Illegal port number");
+        return CURLE_URL_MALFORMAT;
+      }
       /* Browser behavior adaptation. If there's a colon with no digits after,
          just cut off the name there which makes us ignore the colon and just
          use the default port. Firefox and Chrome both do that. */
       *portptr = '\0';
+    }
   }
 
   /* only if remote_port was not already parsed off the URL we use the
author	Daniel Stenberg <daniel@haxx.se>	2016-12-01 10:32:13 +0100
committer	Daniel Stenberg <daniel@haxx.se>	2016-12-01 10:36:37 +0100
commit	aab33215afb71c52404419bfa0783620a0b5cb75 (patch)
tree	d321b28df15fe6904b6f9fa119917ee24ce8487b /lib
parent	42253ad943d21310e75829c8e7998b9d57115c06 (diff)