Skip to content

net: Reject invalid characters in port ranges

c requested to merge c/tor:c/ticket-22469 into main

Fixes issue #22469 (closed) where port strings such as '0x00' get accepted, not because the string gets converted to hex, but because the string is silently truncated past the invalid character 'x'. This also causes issues for strings such as '0x01-0x02' which look like a hex port range, but in reality gets truncated to '0', which is definitely not what a user intends.

Warn and reject such port strings as invalid.

Also, since we're throwing that "malformed port" warning a lot in the function, wrap it up in a nice goto.

Merge request reports