From f22fe0c87fb7729c0e5936d7ad347b3493a14d75 Mon Sep 17 00:00:00 2001
From: Jan Romann
Date: Tue, 12 Dec 2023 07:56:45 +0100
Subject: [PATCH] fix(coap-server): ignore incoming requests with an invalid source port (#1188)
* fix(coap-server): ignore incoming messages with an invalid source port
* fixup! fix(coap-server): ignore incoming messages with an invalid source port
* fixup! fix(coap-server): ignore incoming messages with an invalid source port
---
 packages/binding-coap/src/coap-server.ts | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/packages/binding-coap/src/coap-server.ts b/packages/binding-coap/src/coap-server.ts
index af9529edf..474538737 100644
--- a/packages/binding-coap/src/coap-server.ts
+++ b/packages/binding-coap/src/coap-server.ts
@@ -435,6 +435,14 @@ export default class CoapServer implements ProtocolServer {
 }
 private async handleRequest(req: IncomingMessage, res: OutgoingMessage) {
+ const sourcePort = req.rsinfo.port;
+ const hasInvalidPortRange = sourcePort < 1 || sourcePort > 65535;
+ if (hasInvalidPortRange) {
+ // Ignore requests with an invalid source port
+ // See https://github.com/eclipse-thingweb/node-wot/issues/1182
+ return;
+ }
+
 const origin = this.formatRequestOrigin(req);
 debug(