From 012c28606f96c95bba874fe573a968dca9a3d489 Mon Sep 17 00:00:00 2001
From: Mitchell Hashimoto <mitchell.hashimoto@gmail.com>
Date: Thu, 13 Mar 2014 08:31:59 -0700
Subject: [PATCH] kernel/v2: validate forwarded ports [GH-3187]

---
 CHANGELOG.md                                  |  2 ++
 plugins/kernel_v2/config/vm.rb                |  5 +++++
 templates/locales/en.yml                      |  2 ++
 test/unit/plugins/kernel_v2/config/vm_test.rb | 21 +++++++++++++++++++
 4 files changed, 30 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 20f02643f..1a2ea896c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -19,6 +19,8 @@ BUG FIXES:
   - core: PowerShell scripts work when they're in a directory with
     spaces. [GH-3100]
   - core: If you add a box path that doesn't exist, error earlier. [GH-3091]
+  - core: Validation on forwarded ports to make sure they're between
+    0 and 65535. [GH-3187]
   - guests/darwin: Fix an exception when configuring networks. [GH-3143]
   - hosts/linux: Unusual sed delimiter to avoid conflicts. [GH-3167]
   - providers/virtualbox: Make more internal interactions with VBoxManage
diff --git a/plugins/kernel_v2/config/vm.rb b/plugins/kernel_v2/config/vm.rb
index 89340264d..ec52104ab 100644
--- a/plugins/kernel_v2/config/vm.rb
+++ b/plugins/kernel_v2/config/vm.rb
@@ -548,6 +548,7 @@ module VagrantPlugins
         fp_used = Set.new
         valid_network_types = [:forwarded_port, :private_network, :public_network]
 
+        port_range=(1..65535)
         networks.each do |type, options|
           if !valid_network_types.include?(type)
             errors << I18n.t("vagrant.config.vm.network_type_invalid",
@@ -570,6 +571,10 @@ module VagrantPlugins
 
               fp_used.add(key)
             end
+
+            if !port_range.include?(options[:host]) || !port_range.include?(options[:guest])
+              errors << I18n.t("vagrant.config.vm.network_fp_invalid_port")
+            end
           end
 
           if type == :private_network
diff --git a/templates/locales/en.yml b/templates/locales/en.yml
index 43c8cbde6..ac2e761f7 100644
--- a/templates/locales/en.yml
+++ b/templates/locales/en.yml
@@ -1082,6 +1082,8 @@ en:
           properly, try changing this IP.
         network_ip_required: |-
           An IP is required for a private network.
+        network_fp_invalid_port: |-
+          Ports to forward must be 1 to 65535
         network_fp_host_not_unique: |-
           Forwarded port '%{host}' (host port) is declared multiple times
           with the protocol '%{protocol}'.
diff --git a/test/unit/plugins/kernel_v2/config/vm_test.rb b/test/unit/plugins/kernel_v2/config/vm_test.rb
index c12421941..690e8eb82 100644
--- a/test/unit/plugins/kernel_v2/config/vm_test.rb
+++ b/test/unit/plugins/kernel_v2/config/vm_test.rb
@@ -7,6 +7,13 @@ describe VagrantPlugins::Kernel_V2::VMConfig do
 
   let(:machine) { double("machine") }
 
+  def assert_invalid
+    errors = subject.validate(machine)
+    if !errors.values.any? { |v| !v.empty? }
+      raise "No errors: #{errors.inspect}"
+    end
+  end
+
   def assert_valid
     errors = subject.validate(machine)
     if !errors.values.all? { |v| v.empty? }
@@ -125,6 +132,20 @@ describe VagrantPlugins::Kernel_V2::VMConfig do
       expect(n[1][:guest]).to eq(45)
       expect(n[1][:host]).to eq(4545)
     end
+
+    it "is an error if forwarding a port too low" do
+      subject.network "forwarded_port",
+        guest: "45", host: "-5"
+      subject.finalize!
+      assert_invalid
+    end
+
+    it "is an error if forwarding a port too high" do
+      subject.network "forwarded_port",
+        guest: "45", host: "74545"
+      subject.finalize!
+      assert_invalid
+    end
   end
 
   describe "#provider and #get_provider_config" do