parser: safety check for max port length in URI

- can't be longer than 5, a port being 16b value
- reported by Kevin Wojtysiak
(cherry picked from commit 13fd48f89555f5421e8285669e303bcefe44f149)

parser/parse_uri.c

@@ -1145,6 +1145,10 @@ int parse_uri(char* buf, int len, struct sip_uri* uri)
 			goto error_bad_uri;
 			break; /* do nothing, avoids a compilation warning */
 	}
+
+	if(uri->port.len>5)
+		goto error_invalid_port;
+
 #ifdef EXTRA_DEBUG
 	/* do stuff */
 	DBG("parsed uri:\n type=%d user=<%.*s>(%d)\n passwd=<%.*s>(%d)\n"
@@ -1208,6 +1212,10 @@ error_bad_port:
 		*p, state, (int)(p-buf), ZSW(buf), (int)(p-buf),
 		len, ZSW(buf), len);
 	goto error_exit;
+error_invalid_port:
+	DBG("parse_uri: bad port in uri: [%.*s] in <%.*s>\n",
+			uri->port.len, uri->port.s, len, ZSW(buf));
+	goto error_exit;
 error_bad_uri:
 	DBG("parse_uri: bad uri,  state %d"
 		" parsed: <%.*s> (%d) / <%.*s> (%d)\n",