Validate server port argument

diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c
index 6c3366bb4b9ddf0a7436ee2f212ba150b739dbf3..7a5ef62a3f00498f0df270cbf28f81ebbd15d85d 100644 (file)
--- a/tests/server/rtspd.c
+++ b/tests/server/rtspd.c
@@ -1174,7 +1174,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "rtspd: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c
index 15993a5ab84ec1f48794ffb9ae00a9af2af7bec4..8abde8b51bb543ab2a961529d81f1e032755499a 100644 (file)
--- a/tests/server/sockfilt.c
+++ b/tests/server/sockfilt.c
@@ -890,7 +890,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           ((lnum != 0L) && ((lnum < 1025L) || (lnum > 65535L)))) {
+          fprintf(stderr, "sockfilt: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }
@@ -899,7 +908,16 @@ int main(int argc, char *argv[])
          doing a passive server-style listening. */
       arg++;
       if(argc>arg) {
-        connectport = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "sockfilt: invalid --connect argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        connectport = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/sws.c b/tests/server/sws.c
index 62721b1bc9e6c53a8950ba72c5501519fd7f4722..16485f2f9cd82412f25ce0211ddc885f3d5b0db2 100644 (file)
--- a/tests/server/sws.c
+++ b/tests/server/sws.c
@@ -1082,7 +1082,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "sws: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c
index eefeb3ea43beb9ab662c6f0a5a3a3329c86899da..91e51cf42d40d8008830a36291dd7c907dbd1c4f 100644 (file)
--- a/tests/server/tftpd.c
+++ b/tests/server/tftpd.c
@@ -708,7 +708,16 @@ int main(int argc, char **argv)
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "tftpd: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }