From 9cc33de2e7dd39a6f1d28606305228446c6a39d9 Mon Sep 17 00:00:00 2001
From: deraadt
Date: Sat, 11 Oct 2025 15:46:06 +0000
Subject: [PATCH] use strtonum() instead of atoi(), and error out for bad numbers

This generates a host-order number, so the ntohs() for getservbyport() was wrong, that should always have been htons(). The transform is the same, but misleading. ok tb
---
 usr.bin/nc/netcat.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/usr.bin/nc/netcat.c b/usr.bin/nc/netcat.c
index e3c9c939e24..766da6e6678 100644
--- a/usr.bin/nc/netcat.c
+++ b/usr.bin/nc/netcat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: netcat.c,v 1.234 2025/06/24 13:37:11 tb Exp $ */
+/* $OpenBSD: netcat.c,v 1.235 2025/10/11 15:46:06 deraadt Exp $ */
 /*
 * Copyright (c) 2001 Eric Jackson
 * Copyright (c) 2015 Bob Beck. All rights reserved.
@@ -1542,7 +1542,12 @@ connection_info(const char *host, const char *port, const char *proto,
 /* Look up service name unless -n. */
 if (!nflag) {
- sv = getservbyport(ntohs(atoi(port)), proto);
+ const char *errstr;
+
+ int p = strtonum(port, 1, PORT_MAX, &errstr);
+ if (errstr)
+ errx(1, "port number %s: %s", errstr, port);
+ sv = getservbyport(htons(p), proto);
 if (sv != NULL)
 service = sv->s_name;
 }
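Review bot: The strtonum() check in the second hunk sits inside `if (!nflag)`, so a malformed `port` makes connection_info() exit only when service-name lookup is enabled; with -n the same string passes through this code unchecked. If callers already hand in a validated numeric string (not visible here, since the function starts and ends outside the hunk), a comment such as `/* port was validated by the caller; a failure here is an internal error */` above the call would make that invariant explicit. If they do not, the range check belongs where the port is first parsed, so that both modes reject the same input. In that case this display-only lookup could degrade instead of calling errx(), for example `sv = errstr ? NULL : getservbyport(htons(p), proto);`.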