From caafa041d98df231fc5ac6fa2b185850d4923519 Mon Sep 17 00:00:00 2001
From: David Carlier
Date: Sun, 29 Dec 2024 14:01:46 +0000
Subject: [PATCH] ext/sockets: socket_bind() check port validity. range from ephemeral port (0) to max unsigned 16 bits. close GH-17296
---
 NEWS | 2 ++
 UPGRADING | 4 ++--
 ext/sockets/sockets.c | 5 ++++
 .../tests/socket_bind_invalid_port.phpt | 23 +++++++++++++++++++
 4 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 ext/sockets/tests/socket_bind_invalid_port.phpt
diff --git a/NEWS b/NEWS
index 4cd6786e13899..812b2ce7277e5 100644
--- a/NEWS
+++ b/NEWS
@@ -84,6 +84,8 @@ PHP NEWS
 TCP_REUSPORT_LB_CURDOM, TCP_BBR_ALGORITHM constants.
 . socket_create_listen() throws an exception on invalid port value.
 (David Carlier)
+ . socket_bind() throws an exception on invalid port value.
+ (David Carlier)
 - Standard:
 . Fixed crypt() tests on musl when using --with-external-libcrypt
diff --git a/UPGRADING b/UPGRADING
index 3d17e4e5e2c22..cb4ca60a2e401 100644
--- a/UPGRADING
+++ b/UPGRADING
@@ -125,8 +125,8 @@ PHP 8.5 UPGRADE NOTES
 last_error to EBADF and raises an E_WARNING message.
 - Sockets:
- . socket_create_listen throws a ValueError if the port is
- lower than 0 or greater than 65535.
+ . socket_create_listen and socket_bind throw a ValueError
+ if the port is lower than 0 or greater than 65535.
 - Zlib:
 . The "use_include_path" argument for the
diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index 3752ad15c9954..b2eddfba7e1e9 100644
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -1288,6 +1288,11 @@ PHP_FUNCTION(socket_bind)
 php_sock = Z_SOCKET_P(arg1);
 ENSURE_SOCKET_VALID(php_sock);
+ if (port < 0 || port > USHRT_MAX) {
+ zend_argument_value_error(3, "must be between 0 and %u", USHRT_MAX);
+ RETURN_THROWS();
+ }
+
 switch(php_sock->type) {
 case AF_UNIX:
 {
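Review bot: The new range check in the `ext/sockets/sockets.c` hunk runs before `switch(php_sock->type)`, so it applies to every address family, including the `AF_UNIX` case that opens right after it. If that branch does not read `port` (its body is outside the hunk, so this is an inference), a call that passes a Unix socket path together with a stray port value now throws a ValueError where it was previously accepted. Either move the check into the inet cases of the switch, or keep it here and say so with a comment such as `/* port is validated for all families, even those that ignore it */` plus a matching sentence in UPGRADING. The body of `PHP_FUNCTION(socket_bind)` starts and ends outside the hunk.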
diff --git a/ext/sockets/tests/socket_bind_invalid_port.phpt b/ext/sockets/tests/socket_bind_invalid_port.phpt
new file mode 100644
index 0000000000000..b70900f68620c
--- /dev/null
+++ b/ext/sockets/tests/socket_bind_invalid_port.phpt
@@ -0,0 +1,23 @@
+--TEST--
+socket_bind() with invalid ports.
+--EXTENSIONS--
+sockets
+--FILE--
+getMessage() . PHP_EOL;
+ }
+
+ try {
+ socket_bind($s_c, '0.0.0.0', 65536);
+ } catch (\ValueError $e) {
+ echo $e->getMessage() . PHP_EOL;
+ }
+?>
+--EXPECT--
+socket_bind(): Argument #3 ($port) must be between 0 and 65535
+socket_bind(): Argument #3 ($port) must be between 0 and 65535
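Review bot: The expected output holds only the two ValueError messages, so the test asserts rejection but never that an in-range port is still accepted. An off-by-one in the new bounds (for example `port <= 0`) would pass unnoticed. The start of the `--FILE--` section is missing from this listing, so the first case is presumably the negative port. Adding one accepted call, e.g. `var_dump(socket_bind($s_c, '0.0.0.0', 0));` with `bool(true)` in `--EXPECT--`, would pin the lower boundary without depending on a fixed port being free. Only an IPv4 address is exercised in the visible part; the same check for an `AF_INET6` or `AF_UNIX` socket is not covered.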