ext/sockets: socket_sendto check port range.

devnexen · devnexen · commit 665ebd7f48ee · 2024-12-29T19:07:19.000Z
close GH-17299
diff --git a/NEWS b/NEWS
@@ -86,6 +86,8 @@ PHP                                                                        NEWS
     (David Carlier)
   . socket_bind() throws an exception on invalid port value.
     (David Carlier)
+  . socket_sendto() throws an exception on invalid port value.
+    (David Carlier)
 
 - Standard:
   . Fixed crypt() tests on musl when using --with-external-libcrypt
diff --git a/UPGRADING b/UPGRADING
@@ -125,8 +125,8 @@ PHP 8.5 UPGRADE NOTES
     last_error to EBADF and raises an E_WARNING message.
 
 - Sockets:
-  . socket_create_listen and socket_bind throw a ValueError
-    if the port is lower than 0 or greater than 65535.
+  . socket_create_listen, socket_bind and socket_sendto throw a
+    ValueError if the port is lower than 0 or greater than 65535.
 
 - Zlib:
   . The "use_include_path" argument for the
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
@@ -1569,7 +1569,7 @@ PHP_FUNCTION(socket_sendto)
 #endif
 	int					retval;
 	size_t              buf_len, addr_len;
-	zend_long			len, flags, port;
+	zend_long			len, flags, port = 0;
 	bool           port_is_null = 1;
 	char				*buf, *addr;
 
@@ -1586,6 +1586,12 @@ PHP_FUNCTION(socket_sendto)
 	php_sock = Z_SOCKET_P(arg1);
 	ENSURE_SOCKET_VALID(php_sock);
 
+	if (port < 0 || port > USHRT_MAX) {
+		zend_argument_value_error(6, "must be between 0 and %u", USHRT_MAX);
+		RETURN_THROWS();
+	}
+
+
 	if (len < 0) {
 		zend_argument_value_error(3, "must be greater than or equal to 0");
 		RETURN_THROWS();
diff --git a/ext/sockets/tests/socket_sendto_invalid_port.phpt b/ext/sockets/tests/socket_sendto_invalid_port.phpt
@@ -0,0 +1,22 @@
+--TEST--
+socket_sendto() with invalid port
+--EXTENSIONS--
+sockets
+--FILE--
+<?php
+    $s_c = socket_create_listen(0);
+    try {
+        $s_w = socket_sendto($s_c, "foo", 0, MSG_OOB, '127.0.0.1', 65536);
+    } catch (\ValueError $e) {
+        echo $e->getMessage() . \PHP_EOL;
+    }
+    try {
+        $s_w = socket_sendto($s_c, "foo", 0, MSG_OOB, '127.0.0.1', -1);
+    } catch (\ValueError $e) {
+        echo $e->getMessage() . \PHP_EOL;
+    }
+    socket_close($s_c);
+?>
+--EXPECT--
+socket_sendto(): Argument #6 ($port) must be between 0 and 65535
+socket_sendto(): Argument #6 ($port) must be between 0 and 65535
