File _service:tar_scm:backport-004-CVE-2024-43168.patch of Package unbound

From c085a53268940dfbb907cbaa7a690740b6c8210c Mon Sep 17 00:00:00 2001
From: "W.C.A. Wijngaards" <wouter@nlnetlabs.nl>
Date: Tue, 7 May 2024 14:05:21 +0200
Subject: [PATCH] - Fix for #1062: declaration before statement, avoid print of
 null,   and redundant check for array size. And changelog note for merge of
 #1062.

---
 util/config_file.c | 8 +++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/util/config_file.c b/util/config_file.c
index 4a3b7d77..2ac6c468 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -1776,12 +1776,13 @@ init_outgoing_availports(int* a, int num)
 static int
 extract_port_from_str(const char* str, int max_port) {
 	char* endptr;
+	long int value;
 	if (str == NULL || *str == '\0') {
-		log_err("str: '%s' is invalid", str);
+		log_err("str: '%s' is invalid", (str?str:"NULL"));
 		return -1;
 	}
 
-	long int value = strtol(str, &endptr, 10);
+	value = strtol(str, &endptr, 10);
 	if ((endptr == str) || (*endptr != '\0'))  {
 		log_err("cannot parse port number '%s'", str);
 		return -1;
@@ -1820,7 +1821,8 @@ cfg_mark_ports(const char* str, int allow, int* avail, int num)
 			log_err("Failed to parse the port number");
 			return 0;
 		}
-		avail[port] = (allow?port:0);
+		if(port < num)
+			avail[port] = (allow?port:0);
 	} else {
 		char buf[16];
 		int i, low;
-- 
2.33.0