From: Yang Tse Date: Thu, 4 Feb 2010 17:17:19 +0000 (+0000) Subject: Validate server port argument X-Git-Tag: curl-7_20_0~13 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f47b84b57ff74915820d26efc30459158bbe5c9c;p=curl Validate server port argument --- diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c index 6c3366bb4..7a5ef62a3 100644 --- a/tests/server/rtspd.c +++ b/tests/server/rtspd.c @@ -1174,7 +1174,16 @@ int main(int argc, char *argv[]) else if(!strcmp("--port", argv[arg])) { arg++; if(argc>arg) { - port = (unsigned short)atoi(argv[arg]); + char *endptr; + long lnum = -1; + lnum = strtol(argv[arg], &endptr, 10); + if((endptr != argv[arg] + strlen(argv[arg])) || + (lnum < 1025L) || (lnum > 65535L)) { + fprintf(stderr, "rtspd: invalid --port argument (%s)\n", + argv[arg]); + return 0; + } + port = (unsigned short)(lnum & 0xFFFFL); arg++; } } diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c index 15993a5ab..8abde8b51 100644 --- a/tests/server/sockfilt.c +++ b/tests/server/sockfilt.c @@ -890,7 +890,16 @@ int main(int argc, char *argv[]) else if(!strcmp("--port", argv[arg])) { arg++; if(argc>arg) { - port = (unsigned short)atoi(argv[arg]); + char *endptr; + long lnum = -1; + lnum = strtol(argv[arg], &endptr, 10); + if((endptr != argv[arg] + strlen(argv[arg])) || + ((lnum != 0L) && ((lnum < 1025L) || (lnum > 65535L)))) { + fprintf(stderr, "sockfilt: invalid --port argument (%s)\n", + argv[arg]); + return 0; + } + port = (unsigned short)(lnum & 0xFFFFL); arg++; } } @@ -899,7 +908,16 @@ int main(int argc, char *argv[]) doing a passive server-style listening. */ arg++; if(argc>arg) { - connectport = (unsigned short)atoi(argv[arg]); + char *endptr; + long lnum = -1; + lnum = strtol(argv[arg], &endptr, 10); + if((endptr != argv[arg] + strlen(argv[arg])) || + (lnum < 1025L) || (lnum > 65535L)) { + fprintf(stderr, "sockfilt: invalid --connect argument (%s)\n", + argv[arg]); + return 0; + } + connectport = (unsigned short)(lnum & 0xFFFFL); arg++; } } diff --git a/tests/server/sws.c b/tests/server/sws.c index 62721b1bc..16485f2f9 100644 --- a/tests/server/sws.c +++ b/tests/server/sws.c @@ -1082,7 +1082,16 @@ int main(int argc, char *argv[]) else if(!strcmp("--port", argv[arg])) { arg++; if(argc>arg) { - port = (unsigned short)atoi(argv[arg]); + char *endptr; + long lnum = -1; + lnum = strtol(argv[arg], &endptr, 10); + if((endptr != argv[arg] + strlen(argv[arg])) || + (lnum < 1025L) || (lnum > 65535L)) { + fprintf(stderr, "sws: invalid --port argument (%s)\n", + argv[arg]); + return 0; + } + port = (unsigned short)(lnum & 0xFFFFL); arg++; } } diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c index eefeb3ea4..91e51cf42 100644 --- a/tests/server/tftpd.c +++ b/tests/server/tftpd.c @@ -708,7 +708,16 @@ int main(int argc, char **argv) else if(!strcmp("--port", argv[arg])) { arg++; if(argc>arg) { - port = (unsigned short)atoi(argv[arg]); + char *endptr; + long lnum = -1; + lnum = strtol(argv[arg], &endptr, 10); + if((endptr != argv[arg] + strlen(argv[arg])) || + (lnum < 1025L) || (lnum > 65535L)) { + fprintf(stderr, "tftpd: invalid --port argument (%s)\n", + argv[arg]); + return 0; + } + port = (unsigned short)(lnum & 0xFFFFL); arg++; } }