altsvc: fix rejection of negative port numbers

Follow-up to ac612dfeee strtoul() accepts a leading minus so better make sure there is none Extended test 356 somewhat to use a huge negative 64 bit number that otherwise becomes a low positive number. Closes #10095
2022-12-14 23:16:16 +01:00 · 2022-12-14 23:16:16 +01:00 · b740f152a8
commit b740f152a8
parent 57d2d9b6be
2 changed files with 12 additions and 5 deletions
--- a/lib/altsvc.c
+++ b/lib/altsvc.c
@ -517,15 +517,21 @@ CURLcode Curl_altsvc_parse(struct Curl_easy *data,
          dsthost = srchost;
        }
        if(*p == ':') {
-          /* a port number */
-          unsigned long port = strtoul(++p, &end_ptr, 10);
-          if(port > USHRT_MAX || end_ptr == p || *end_ptr != '\"') {
+          unsigned long port = 0;
+          p++;
+          if(ISDIGIT(*p))
+            /* a port number */
+            port = strtoul(p, &end_ptr, 10);
+          else
+            end_ptr = (char *)p; /* not left uninitialized */
+          if(!port || port > USHRT_MAX || end_ptr == p || *end_ptr != '\"') {
            infof(data, "Unknown alt-svc port number, ignoring.");
            valid = FALSE;
          }
-          else
+          else {
            dstport = curlx_ultous(port);
-          p = end_ptr;
+            p = end_ptr;
+          }
        }
        if(*p++ != '\"')
          break;
--- a/tests/data/test356
+++ b/tests/data/test356
@ -17,6 +17,7 @@ Connection: close
 Content-Type: text/html
 Funny-head: yesyes
 Alt-Svc: h1="nowhere.foo:-1"
+Alt-Svc: h1="nowhere.foo:-18446744073709551614"
 Alt-Svc: h1="nowhere.foo:81", un-kno22!wn=":82"
 Alt-Svc: h1="nowhere.foo:70000"