From 803bbe0fff73e2936fe116387c2941d0cdea1c6d Mon Sep 17 00:00:00 2001
From: Givi Khojanashvili
Date: Wed, 7 Jun 2023 10:57:43 +0400
Subject: [PATCH] Fix validation for ACL policy rules ports (#938)
---
 management/server/http/policies_handler.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/management/server/http/policies_handler.go b/management/server/http/policies_handler.go
index 2c83c2d1e..c8f58f8a4 100644
--- a/management/server/http/policies_handler.go
+++ b/management/server/http/policies_handler.go
@@ -3,6 +3,7 @@ package http
 import (
 "encoding/json"
 "net/http"
+ "strconv"
 "github.com/gorilla/mux"
 "github.com/rs/xid"
@@ -175,8 +176,13 @@ func (h *Policies) savePolicy(
 }
 if r.Ports != nil && len(*r.Ports) != 0 {
- ports := *r.Ports
- pr.Ports = ports[:]
+ for _, v := range *r.Ports {
+ if port, err := strconv.Atoi(v); err != nil || port < 1 || port > 65535 {
+ util.WriteError(status.Errorf(status.InvalidArgument, "valid port value is in 1..65535 range"), w)
+ return
+ }
+ pr.Ports = append(pr.Ports, v)
+ }
 }
 // validate policy object
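Review bot: The range check in the second hunk validates the integer returned by `strconv.Atoi(v)` but then stores the original string with `pr.Ports = append(pr.Ports, v)`, so spellings that Atoi accepts, such as `+80` or `0080`, pass validation and are saved unnormalized. Whatever later turns `pr.Ports` into firewall rules is not visible here and may parse or compare those strings differently from this handler, which is the kind of validator/consumer mismatch an ACL should avoid. I would hoist the parse out of the `if` initializer (`port, err := strconv.Atoi(v)`) and store the canonical form, `pr.Ports = append(pr.Ports, strconv.Itoa(port))`. A short comment such as `// store the canonical decimal form so every consumer sees the value that was validated` would document the intent; savePolicy starts and ends outside the hunk, so any writes that precede this early return cannot be checked from here.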