Lighttpd is using strtol() and atoi() to parse numbers, but I think it's not properly checking for errors.
server.port = " 80" // good
server.port = "80 " // bad
The code isn't checking for range errors. You might want to use a simple strtol() wrapper to fix this.
Updated by gstrauss about 2 years ago
Would you accept the patch if I modify the patch hunk for configparser.y to issue a warning instead of an error? Checking strtol() for errors is not a bad thing. Whether or not to propagate the error is the question, and you have shared that you prefer not change existing behavior to propagate the error for config parsing. There are other uses of strtol() where some extra checks can improve robustness of the code.
Also available in: Atom