Validate server port argument

diff --git a/tests/server/rtspd.c b/tests/server/rtspd.c
index 6c3366b..7a5ef62 100644 (file)
--- a/tests/server/rtspd.c
+++ b/tests/server/rtspd.c
@@ -1174,7 +1174,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "rtspd: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/sockfilt.c b/tests/server/sockfilt.c
index 15993a5..8abde8b 100644 (file)
--- a/tests/server/sockfilt.c
+++ b/tests/server/sockfilt.c
@@ -890,7 +890,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           ((lnum != 0L) && ((lnum < 1025L) || (lnum > 65535L)))) {
+          fprintf(stderr, "sockfilt: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }
@@ -899,7 +908,16 @@ int main(int argc, char *argv[])
          doing a passive server-style listening. */
       arg++;
       if(argc>arg) {
-        connectport = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "sockfilt: invalid --connect argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        connectport = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/sws.c b/tests/server/sws.c
index 62721b1..16485f2 100644 (file)
--- a/tests/server/sws.c
+++ b/tests/server/sws.c
@@ -1082,7 +1082,16 @@ int main(int argc, char *argv[])
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "sws: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }

diff --git a/tests/server/tftpd.c b/tests/server/tftpd.c
index eefeb3e..91e51cf 100644 (file)
--- a/tests/server/tftpd.c
+++ b/tests/server/tftpd.c
@@ -708,7 +708,16 @@ int main(int argc, char **argv)
     else if(!strcmp("--port", argv[arg])) {
       arg++;
       if(argc>arg) {
-        port = (unsigned short)atoi(argv[arg]);
+        char *endptr;
+        long lnum = -1;
+        lnum = strtol(argv[arg], &endptr, 10);
+        if((endptr != argv[arg] + strlen(argv[arg])) ||
+           (lnum < 1025L) || (lnum > 65535L)) {
+          fprintf(stderr, "tftpd: invalid --port argument (%s)\n",
+                  argv[arg]);
+          return 0;
+        }
+        port = (unsigned short)(lnum & 0xFFFFL);
         arg++;
       }
     }