Issue #14036: return None when port in urlparse cross 65535

3 files changed, 13 insertions, 3 deletions

diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
index e484aaf..3f316d3 100644
--- a/Lib/test/test_urlparse.py
+++ b/Lib/test/test_urlparse.py
@@ -437,6 +437,11 @@ class UrlParseTestCase(unittest.TestCase):
         self.assertEqual(p.port, 80)
         self.assertEqual(p.geturl(), url)
 
+        # Verify an illegal port of value greater than 65535 is set as None
+        url = "http://www.python.org:65536"
+        p = urlparse.urlsplit(url)
+        self.assertEqual(p.port, None)
+
     def test_issue14072(self):
         p1 = urlparse.urlsplit('tel:+31-641044153')
         self.assertEqual(p1.scheme, 'tel')
diff --git a/Lib/urlparse.py b/Lib/urlparse.py
index 4c57725..8a20756 100644
--- a/Lib/urlparse.py
+++ b/Lib/urlparse.py
@@ -97,9 +97,11 @@ class ResultMixin(object):
         netloc = self.netloc.split('@')[-1].split(']')[-1]
         if ':' in netloc:
             port = netloc.split(':')[1]
-            return int(port, 10)
-        else:
-            return None
+            port = int(port, 10)
+            # verify legal port
+            if (0 <= port <= 65535):
+                return port
+        return None
 
 from collections import namedtuple
 
diff --git a/Misc/NEWS b/Misc/NEWS
index e091706..943f9f8 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -64,6 +64,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #14036: Add an additional check to validate that port in urlparse does
+  not go in illegal range and returns None.
+
 - Issue #14888: Fix misbehaviour of the _md5 module when called on data
   larger than 2**32 bytes.