From e7bf1347104e968e52d51cbb3f97d576a3c45f9d Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Fri, 21 Apr 2023 09:34:59 -0400
Subject: [PATCH] Enhance tcp client port vet logic (#3175)

---
 .../controller/handlers/targets/tcp/tcp.go    | 52 +++++++++++++++----
 1 file changed, 41 insertions(+), 11 deletions(-)

diff --git a/internal/daemon/controller/handlers/targets/tcp/tcp.go b/internal/daemon/controller/handlers/targets/tcp/tcp.go
index 049246bd59..8328b2f947 100644
--- a/internal/daemon/controller/handlers/targets/tcp/tcp.go
+++ b/internal/daemon/controller/handlers/targets/tcp/tcp.go
@@ -4,6 +4,8 @@
 package tcp
 
 import (
+	"math"
+
 	"github.com/golang/protobuf/ptypes/wrappers"
 	"github.com/hashicorp/boundary/internal/daemon/controller/handlers"
 	"github.com/hashicorp/boundary/internal/daemon/controller/handlers/targets"
@@ -14,7 +16,10 @@ import (
 	pb "github.com/hashicorp/boundary/sdk/pbs/controller/api/resources/targets"
 )
 
-const defaultPortField = "attributes.default_port"
+const (
+	defaultPortField       = "attributes.default_port"
+	defaultClientPortField = "attributes.default_client_port"
+)
 
 type attribute struct {
 	*pb.TcpTargetAttributes
@@ -34,22 +39,47 @@ func (a *attribute) Options() []target.Option {
 func (a *attribute) Vet() map[string]string {
 	badFields := map[string]string{}
 	if a.GetDefaultPort() == nil {
-		badFields["attributes.default_port"] = "This field is required."
-	} else if a.GetDefaultPort().GetValue() == 0 {
-		badFields["attributes.default_port"] = "This field cannot be set to zero."
+		badFields[defaultPortField] = "This field is required."
+	} else {
+		if a.GetDefaultPort().GetValue() == 0 {
+			badFields[defaultPortField] = "This field cannot be set to zero."
+		}
+		if a.GetDefaultPort().GetValue() > math.MaxUint16 {
+			badFields[defaultPortField] = "Value is greater than maximum port number."
+		}
+	}
+	if a.GetDefaultClientPort() != nil {
+		if a.GetDefaultClientPort().GetValue() == 0 {
+			badFields[defaultClientPortField] = "This field cannot be set to zero."
+		}
+		if a.GetDefaultClientPort().GetValue() > math.MaxUint16 {
+			badFields[defaultClientPortField] = "Value is greater than maximum port number."
+		}
 	}
 	return badFields
 }
 
 func (a *attribute) VetForUpdate(p []string) map[string]string {
-	if !handlers.MaskContains(p, defaultPortField) {
-		return nil
-	}
 	badFields := map[string]string{}
-	if a.GetDefaultPort() == nil {
-		badFields["attributes.default_port"] = "This field is required."
-	} else if a.GetDefaultPort().GetValue() == 0 {
-		badFields["attributes.default_port"] = "This cannot be set to zero."
+	if handlers.MaskContains(p, defaultPortField) {
+		if a.GetDefaultPort() == nil {
+			badFields[defaultPortField] = "This field is required."
+		} else {
+			if a.GetDefaultPort().GetValue() == 0 {
+				badFields[defaultPortField] = "This cannot be set to zero."
+			}
+			if a.GetDefaultPort().GetValue() > math.MaxUint16 {
+				badFields[defaultPortField] = "Value is greater than maximum port number."
+			}
+		}
+	}
+	if handlers.MaskContains(p, defaultClientPortField) && a.GetDefaultClientPort() != nil {
+		if a.GetDefaultClientPort().GetValue() == 0 {
+			badFields[defaultClientPortField] = "This cannot be set to zero."
+		}
+		if a.GetDefaultClientPort().GetValue() > math.MaxUint16 {
+			badFields[defaultClientPortField] = "Value is greater than maximum port number."
+		}
 	}
 	return badFields
 }