File _service:tar_scm:backport-002-CVE-2024-43168.patch of Package unbound
From dfff8d23cf4145c58e5c1e99d4159d3a91a70ab7 Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Wed, 3 Apr 2024 10:16:18 +0200
Subject: [PATCH] - For #1040: adjust error text and disallow negative ports in other parts of cfg_mark_ports.
---
 util/config_file.c | 14 +++++++++++++-
 1 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/util/config_file.c b/util/config_file.c
index e7b2f195..74554286 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1762,7 +1762,7 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
 if(!mid) {
 int port = atoi(str);
 if(port < 0) {
- log_err("Prevent out-of-bounds access to array avail");
+ log_err("port number is negative: %d", port);
 return 0;
 }
 if(port == 0 && strcmp(str, "0") != 0) {
@@ -1774,6 +1774,10 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
 } else {
 int i, low, high = atoi(mid+1);
 char buf[16];
+ if(high < 0) {
+ log_err("port number is negative: %d", high);
+ return 0;
+ }
 if(high == 0 && strcmp(mid+1, "0") != 0) {
 log_err("cannot parse port number '%s'", mid+1);
 return 0;
@@ -1786,10 +1790,18 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
 memcpy(buf, str, (size_t)(mid-str));
 buf[mid-str] = 0;
 low = atoi(buf);
+ if(low < 0) {
+ log_err("port number is negative: %d", low);
+ return 0;
+ }
 if(low == 0 && strcmp(buf, "0") != 0) {
 log_err("cannot parse port number '%s'", buf);
 return 0;
 }
+ if(high > num) {
+ /* Stop very high values from taking a long time. */
+ high = num;
+ }
 for(i=low; i<=high; i++) {
 if(i < num)
 avail[i] = (allow?i:0);
--
2.33.0
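Review bot: The `port < 0` test reworded here, and the `high < 0` and `low < 0` tests added in the next two hunks, all check the result of `atoi`, which cannot report a value that does not fit in `int`. The C standard leaves that case undefined, and on common implementations an over-long digit string can come back as a different non-negative number, so the sign check catches only some malformed inputs and a wrong port could be marked silently. `atoi` also accepts trailing characters after the digits, which the `== 0 && strcmp(...)` fallback does not detect. Parsing with `errno = 0; v = strtol(s, &end, 10);` and rejecting on `end == s || *end != 0 || errno == ERANGE || v < 0 || v > INT_MAX` before narrowing to `int` would close all three cases at each call site. The body of cfg_mark_ports starts and ends outside these hunks.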
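Review bot: In the last hunk the clamp sets `high = num`, so the loop still reaches `i == num` and the write to `avail` stays in bounds only because of the inner `if(i < num)` guard. Writing the clamp as `if(high >= num) high = num - 1;` would make the loop bound itself the array limit, so a later edit to the loop body could not reintroduce the out-of-bounds index. A range whose low end exceeds its high end also passes here without any message and marks nothing; a `log_err` and `return 0` for `low > high` would surface that configuration mistake. The comment could state both purposes, for example `/* Clamp to the array size: bounds the loop time and the index. */`. The function continues past the end of the hunk.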