From 7e3edc29c6653a585862bfbbf111433ecda0ee81 Mon Sep 17 00:00:00 2001
From: selsta <selsta@sent.at>
Date: Mon, 25 Aug 2025 00:53:24 +0200
Subject: [PATCH] epee: only parse valid port

Reported by hacksandhops and Ada Logic.
---
 contrib/epee/src/net_parse_helpers.cpp | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/contrib/epee/src/net_parse_helpers.cpp b/contrib/epee/src/net_parse_helpers.cpp
index 2697bdac4..9440aba68 100644
--- a/contrib/epee/src/net_parse_helpers.cpp
+++ b/contrib/epee/src/net_parse_helpers.cpp
@@ -92,7 +92,13 @@ namespace net_utils
     }
     return true;
   }
-  
+
+  static bool parse_port(const std::string& port_str, uint64_t& out_port)
+  {
+    out_port = 0;
+    return boost::conversion::try_lexical_convert(port_str, out_port) && out_port <= 65535;
+  }
+
   bool parse_uri(const std::string uri, http::uri_content& content)
   {
 
@@ -153,7 +159,8 @@ namespace net_utils
     }
     if(result[6].matched)
     {
-      content.port = boost::lexical_cast<uint64_t>(result[6]);
+      if (!parse_port(result[6].str(), content.port))
+        return false;
     }
     if(result[7].matched)
     {
@@ -191,7 +198,8 @@ namespace net_utils
     }
     if(result[6].matched)
     {
-      content.port = boost::lexical_cast<uint64_t>(result[6]);
+      if (!parse_port(result[6].str(), content.port))
+        return false;
     }
     if(result[7].matched)
     {