policycoreutils: semanage: verify ports < 65536
We could currently create a rule with a port number of one million.
This doesn't make sense. Bounds test it.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index f81ba4a..ef88f82 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -740,6 +740,9 @@
low = int(ports[0])
high = int(ports[1])
+ if high > 65535:
+ raise ValueError(_("Invalid Port"))
+
(rc, k) = semanage_port_key_create(self.sh, low, high, proto_d)
if rc < 0:
raise ValueError(_("Could not create a key for %s/%s") % (proto, port))
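Review bot: the new check at `if high > 65535:` bounds only the upper end of the range. Nothing in the visible context rejects a negative `low` or a range where `low > high`, so either would still reach `semanage_port_key_create`. Consider validating both ends in one test, for example `if low < 0 or high > 65535 or low > high:`, unless the lines above this hunk already cover those cases. The message `"Invalid Port"` would also be more useful if it included the offending value, as the existing `"Could not create a key for %s/%s"` message does with `proto` and `port`.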