B #5458: Check SG port range in 0-65535 (#1364)

(cherry picked from commit af2de3f5424fd55d81150d40b174e8f25f4745b6)
2025-01-25 06:03:36 +03:00 · 2021-07-22 10:26:21 +02:00 · 2021-07-22 10:26:21 +02:00 · 3d15223760
commit 3d15223760
parent d0619d2cb5
1 changed files with 13 additions and 0 deletions
--- a/src/secgroup/SecurityGroup.cc
+++ b/src/secgroup/SecurityGroup.cc
@ -342,6 +342,19 @@ bool SecurityGroup::is_valid(const VectorAttribute * rule, string& error) const
            error = "Invalid RANGE specification.";
            return false;
        }
+
+        // Check all port numbers are between 0-65535
+        const char *big_port_pattern = "([1-9][[:digit:]]{5,}|"
+                                       "[7-9][[:digit:]]{4,}|"
+                                       "6[6-9][[:digit:]]{3,}|"
+                                       "65[6-9][[:digit:]]{2,}|"
+                                       "655[4-9][[:digit:]]|"
+                                       "6553[6-9])";
+        if (one_util::regex_match(big_port_pattern, value.c_str()) == 0)
+        {
+            error = "RANGE out of bounds 0-65536.";
+            return false;
+        }
    }

    value = rule->vector_value("ICMP_TYPE");