From d632f9f6c85e7177bb835fa9903201464629ee05 Mon Sep 17 00:00:00 2001
From: Chenna Keshava B S
Date: Fri, 17 Jun 2022 14:33:28 -0700
Subject: [PATCH] Properly handle incorrect port numbers in parseURL (fixes #4200)
---
 src/ripple/basics/impl/StringUtilities.cpp | 7 +++++++
 src/test/basics/StringUtilities_test.cpp | 7 +++++++
 2 files changed, 14 insertions(+)
diff --git a/src/ripple/basics/impl/StringUtilities.cpp b/src/ripple/basics/impl/StringUtilities.cpp
index 8036cc3bf..bebbe1ef8 100644
--- a/src/ripple/basics/impl/StringUtilities.cpp
+++ b/src/ripple/basics/impl/StringUtilities.cpp
@@ -90,6 +90,13 @@ parseUrl(parsedURL& pUrl, std::string const& strUrl)
 if (!port.empty())
 {
 pUrl.port = beast::lexicalCast(port);
+
+ // For inputs larger than 2^32-1 (65535), lexicalCast returns 0.
+ // parseUrl returns false for such inputs.
+ if (pUrl.port == 0)
+ {
+ return false;
+ }
 }
 pUrl.path = smMatch[6];
diff --git a/src/test/basics/StringUtilities_test.cpp b/src/test/basics/StringUtilities_test.cpp
index fc6d54c63..6146a3dcd 100644
--- a/src/test/basics/StringUtilities_test.cpp
+++ b/src/test/basics/StringUtilities_test.cpp
@@ -289,6 +289,13 @@ public:
 BEAST_EXPECT(!parseUrl(pUrl, "nonsense"));
 BEAST_EXPECT(!parseUrl(pUrl, "://"));
 BEAST_EXPECT(!parseUrl(pUrl, ":///"));
+ BEAST_EXPECT(
+ !parseUrl(pUrl, "scheme://user:pass@domain:65536/abc:321"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:23498765/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:0/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:+7/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:-7234/"));
+ BEAST_EXPECT(!parseUrl(pUrl, "UPPER://domain:@#$56!/"));
 }
 {
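Review bot: The comment added above `if (pUrl.port == 0)` in parseUrl (StringUtilities.cpp) states the wrong bound: 65535 is 2^16-1, not 2^32-1, and as worded it implies that only oversized values produce 0. The zero check also rejects a literal port 0 (the new test `UPPER://domain:0/` relies on that) and presumably any text the cast cannot convert, so the comment should read along the lines of `// lexicalCast yields 0 when the text is not a valid port (non-numeric or above 65535, i.e. 2^16-1); port 0 itself is rejected as well.` Using 0 as the failure sentinel is fragile for a value parsed from an untrusted URL; if `beast::lexicalCastChecked` is usable here, testing its boolean result would separate a failed conversion from a parsed value. `pUrl.port` (and presumably the fields assigned earlier) has already been written when this branch returns false, so the function's documentation should tell callers not to read `pUrl` after a failed parse. parseUrl begins and ends outside the hunk.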
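Review bot: The new cases in StringUtilities_test.cpp only assert rejection, so nothing pins the accepted side of the port boundary; adding `BEAST_EXPECT(parseUrl(pUrl, "scheme://domain:65535/"));` next to the `65536` case would catch an off-by-one in the check, unless a test outside this hunk already covers it. The `+7`, `-7234` and `@#$56!` inputs may be rejected by the URL pattern before the new zero check runs, which cannot be confirmed from this hunk, so a one-line comment naming which cases actually reach the port conversion would keep the intent clear. The enclosing test block starts and ends outside the hunk.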