From 477201a2954349bfe7ab63f73b11cd19d0f782d0 Mon Sep 17 00:00:00 2001
From: Ankush Agarwal <ankushagarwal11@gmail.com>
Date: Sun, 28 Jun 2015 03:16:24 -0700
Subject: [PATCH] Validate Port specifications on daemon side

Fixes #14230

Signed-off-by: Ankush Agarwal <ankushagarwal11@gmail.com>
---
 daemon/daemon_unix.go                         |  7 ++++++
 integration-cli/docker_api_containers_test.go | 24 +++++++++++++++++++
 2 files changed, 31 insertions(+)

diff --git a/daemon/daemon_unix.go b/daemon/daemon_unix.go
index 99007824b4..fcf583a9ca 100644
--- a/daemon/daemon_unix.go
+++ b/daemon/daemon_unix.go
@@ -15,6 +15,7 @@ import (
 	"github.com/Sirupsen/logrus"
 	"github.com/docker/docker/autogen/dockerversion"
 	"github.com/docker/docker/daemon/graphdriver"
+	"github.com/docker/docker/nat"
 	"github.com/docker/docker/pkg/archive"
 	"github.com/docker/docker/pkg/fileutils"
 	"github.com/docker/docker/pkg/parsers"
@@ -129,6 +130,12 @@ func (daemon *Daemon) verifyContainerSettings(hostConfig *runconfig.HostConfig,
 		return warnings, nil
 	}
 
+	for port := range hostConfig.PortBindings {
+		_, portStr := nat.SplitProtoPort(string(port))
+		if _, err := nat.ParsePort(portStr); err != nil {
+			return warnings, fmt.Errorf("Invalid port specification: %s", portStr)
+		}
+	}
 	if hostConfig.LxcConf.Len() > 0 && !strings.Contains(daemon.ExecutionDriver().Name(), "lxc") {
 		return warnings, fmt.Errorf("Cannot use --lxc-conf with execdriver: %s", daemon.ExecutionDriver().Name())
 	}
diff --git a/integration-cli/docker_api_containers_test.go b/integration-cli/docker_api_containers_test.go
index 668ecab70d..9581221eec 100644
--- a/integration-cli/docker_api_containers_test.go
+++ b/integration-cli/docker_api_containers_test.go
@@ -1134,6 +1134,30 @@ func (s *DockerSuite) TestContainerApiVerifyHeader(c *check.C) {
 	body.Close()
 }
 
+//Issue 14230. daemon should return 500 for invalid port syntax
+func (s *DockerSuite) TestContainerApiInvalidPortSyntax(c *check.C) {
+	config := `{
+				  "Image": "busybox",
+				  "HostConfig": {
+					"PortBindings": {
+					  "19039;1230": [
+						{}
+					  ]
+					}
+				  }
+				}`
+
+	res, body, err := sockRequestRaw("POST", "/containers/create", strings.NewReader(config), "application/json")
+	c.Assert(res.StatusCode, check.Equals, http.StatusInternalServerError)
+	c.Assert(err, check.IsNil)
+
+	b, err := readBody(body)
+	if err != nil {
+		c.Fatal(err)
+	}
+	c.Assert(strings.Contains(string(b[:]), "Invalid port"), check.Equals, true)
+}
+
 // Issue 7941 - test to make sure a "null" in JSON is just ignored.
 // W/o this fix a null in JSON would be parsed into a string var as "null"
 func (s *DockerSuite) TestContainerApiPostCreateNull(c *check.C) {