From a9cebd1b4e68a87b17617705f2f8a21b451b8301 Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Mon, 16 Oct 2017 09:40:07 +0200
Subject: [PATCH] firewall: add port validation

---
 src/etc/inc/filter.inc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/etc/inc/filter.inc b/src/etc/inc/filter.inc
index 429e7a60e..f783d8aad 100644
--- a/src/etc/inc/filter.inc
+++ b/src/etc/inc/filter.inc
@@ -177,8 +177,9 @@ function process_alias_urltable($name, $alias_type, $url, $freq, $forceupdate =
                 // cleanse line item
                 $line = preg_split('/[\s,;|#]+/', $line)[0];
                 if ($alias_type == "urltable_ports") {
-                    // todo: add proper validation for ports here
-                    fwrite($output_file_handle, "{$line}\n");
+                    if ((string)((int)$line) === $line && $line >= 1 && $line <= 65535) {
+                        fwrite($output_file_handle, "{$line}\n");
+                    }
                 } else {
                     // validate or resolve line items, skip unparseable content
                     if (is_subnet($line) || is_ipaddr($line)) {