From 0633b12b286d763521124f6d144deade89a89bfc Mon Sep 17 00:00:00 2001
From: Victor Vieux <vieux@docker.com>
Date: Mon, 2 Jun 2014 23:03:10 +0000
Subject: [PATCH] add proto validation at parse

Docker-DCO-1.1-Signed-off-by: Victor Vieux <vieux@docker.com> (github: vieux)
---
 nat/nat.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/nat/nat.go b/nat/nat.go
index 7aad775d70..31633dd544 100644
--- a/nat/nat.go
+++ b/nat/nat.go
@@ -5,9 +5,10 @@ package nat
 
 import (
 	"fmt"
-	"github.com/dotcloud/docker/utils"
 	"strconv"
 	"strings"
+
+	"github.com/dotcloud/docker/utils"
 )
 
 const (
@@ -72,6 +73,15 @@ func SplitProtoPort(rawPort string) (string, string) {
 	return parts[1], parts[0]
 }
 
+func validateProto(proto string) bool {
+	for _, availableProto := range []string{"tcp", "udp"} {
+		if availableProto == proto {
+			return true
+		}
+	}
+	return false
+}
+
 // We will receive port specs in the format of ip:public:private/proto and these need to be
 // parsed in the internal types
 func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding, error) {
@@ -113,6 +123,9 @@ func ParsePortSpecs(ports []string) (map[Port]struct{}, map[Port][]PortBinding,
 		if _, err := strconv.ParseUint(hostPort, 10, 16); hostPort != "" && err != nil {
 			return nil, nil, fmt.Errorf("Invalid hostPort: %s", hostPort)
 		}
+		if !validateProto(proto) {
+			return nil, nil, fmt.Errorf("Invalid proto: %s", proto)
+		}
 
 		port := NewPort(proto, containerPort)
 		if _, exists := exposedPorts[port]; !exists {