Fix off-by-one overflow in the IP protocol table.

Fixes #2896, closes #2897, closes #2900
nnposter 2024-08-08 01:31:06 +00:00
parent 667527c4b4
commit efa0dc36f2
5 changed files with 17 additions and 12 deletions


@ -480,7 +480,7 @@ void PortList::setPortState(u16 portno, u8 protocol, int state, int *oldstate) {
state != PORT_CLOSEDFILTERED)
fatal("%s: attempt to add port number %d with illegal state %d\n", __func__, portno, state);
assert(protocol!=IPPROTO_IP || portno<256);
assert(protocol!=IPPROTO_IP || portno<=MAX_IPPROTONUM);
bool created = false;
current = createPort(portno, protocol, &created);
@ -566,7 +566,7 @@ Port *PortList::nextPort(const Port *cur, Port *next,
if (cur) {
proto = INPROTO2PORTLISTPROTO(cur->proto);
assert(port_map[proto]!=NULL); // Hmm, it's not possible to handle port that doesn't have anything in map
assert(cur->proto!=IPPROTO_IP || cur->portno<256);
assert(cur->proto!=IPPROTO_IP || cur->portno<=MAX_IPPROTONUM);
mapped_pno = port_map[proto][cur->portno];
mapped_pno++; // we're interested in next port after current
} else { // running for the first time
@ -615,7 +615,7 @@ void PortList::mapPort(u16 *portno, u8 *protocol) const {
mapped_protocol = INPROTO2PORTLISTPROTO(*protocol);
if (*protocol == IPPROTO_IP)
assert(*portno < 256);
assert(*portno <= MAX_IPPROTONUM);
if(port_map[mapped_protocol]==NULL || port_list[mapped_protocol]==NULL) {
fatal("%s(%i,%i): you're trying to access uninitialized protocol", __func__, *portno, *protocol);
}
@ -713,7 +713,7 @@ int PortList::port_list_count[PORTLIST_PROTO_MAX];
* should be sorted. */
void PortList::initializePortMap(int protocol, u16 *ports, int portcount) {
int i;
int ports_max = (protocol == IPPROTO_IP) ? 256 : 65536;
int ports_max = (protocol == IPPROTO_IP) ? MAX_IPPROTONUM + 1 : 65536;
int proto = INPROTO2PORTLISTPROTO(protocol);
if (port_map[proto] != NULL || port_map_rev[proto] != NULL)
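Review bot: In `PortList::nextPort`, the range check on `cur->portno` just before the `port_map[proto][cur->portno]` lookup is still an `assert`, so a build with NDEBUG defined compiles it out and an out-of-range protocol number could index past the map (assuming the map is sized by `ports_max`). The checks in `setPortState` and `mapPort` have the same shape. An unconditional guard would keep the bound in release builds, for example `if (cur->proto == IPPROTO_IP && cur->portno > MAX_IPPROTONUM) fatal("%s: protocol number %d out of range", __func__, cur->portno);`, using the `fatal()` this file already calls. The definition of `MAX_IPPROTONUM` is not visible in this section, so confirm it is 255 and that `MAX_IPPROTONUM + 1` in `initializePortMap` still yields 256 entries. The bodies of these functions continue outside the hunks shown.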