From 137d1309c1d3ec0d41466a6fd2669929f4412096 Mon Sep 17 00:00:00 2001
From: "data-plane-api(CircleCI)" <data-plane-api@users.noreply.github.com>
Date: Tue, 24 Apr 2018 22:11:10 +0000
Subject: [PATCH] =?UTF-8?q?network/api:=20bound=20max=20port,=20handle=20o?=
 =?UTF-8?q?ut-of-range=20failure=20in=20Utility::=E2=80=A6=20(#3194)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This was found via proto fuzzing the server config.

Risk Level: Low
Testing: New utility_test.

Signed-off-by: Harvey Tuch <htuch@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ a87d265d1c1819926f2b2e8e7e866244fd40f574
---
 envoy/api/v2/core/address.proto | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/envoy/api/v2/core/address.proto b/envoy/api/v2/core/address.proto
index bf9051a8..fdfb64ee 100644
--- a/envoy/api/v2/core/address.proto
+++ b/envoy/api/v2/core/address.proto
@@ -39,7 +39,7 @@ message SocketAddress {
   string address = 2 [(validate.rules).string.min_bytes = 1];
   oneof port_specifier {
     option (validate.required) = true;
-    uint32 port_value = 3;
+    uint32 port_value = 3 [(validate.rules).uint32.lte = 65535];
     // This is only valid if :ref:`resolver_name
     // <envoy_api_field_core.SocketAddress.resolver_name>` is specified below and the
     // named resolver is capable of named port resolution.