Browse code

more robust SRV record filter, disallow multiple :, negative and too high port numbers

Hanno Böck authored on07/05/2020 11:46:41
Showing1 changed files
... ...
@@ -345,13 +345,13 @@ function save_dns_record($id, $record)
345 345
       if (! $record['data']) {
346 346
           system_failure('SRV target missing');
347 347
       }
348
-      $data = explode(':', $record['data'], 2);
348
+      $data = explode(':', $record['data']);
349 349
       if (count($data) != 2) {
350 350
           system_failure('Das eingegebene Ziel war nicht im Format hostname:port');
351 351
       }
352 352
       list($hostname, $port) = $data;
353 353
       verify_input_hostname($hostname);
354
-      if ($port != (int) $port || $port == 0) {
354
+      if ($port !== (string)(int) $port || (int)$port < 1 || (int)$port > 65535) {
355 355
           system_failure('Ungültige Portnummer');
356 356
       }
357 357
       $record['ip'] = null;