From f690640165ccfa300db43b4a8e0d48a2ac660993 Mon Sep 17 00:00:00 2001 From: deraadt <> Date: Sat, 11 Oct 2025 15:46:06 +0000 Subject: use strtonum() instead of atoi(), and error out for bad numbers This generates a host-order number, so the ntohs() for getservbyport() was wrong, that should always have been htons(). The transform is the same, but misleading. ok tb --- src/usr.bin/nc/netcat.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/usr.bin/nc/netcat.c b/src/usr.bin/nc/netcat.c index e3c9c939e2..766da6e667 100644 --- a/src/usr.bin/nc/netcat.c +++ b/src/usr.bin/nc/netcat.c @@ -1,4 +1,4 @@ -/* $OpenBSD: netcat.c,v 1.234 2025/06/24 13:37:11 tb Exp $ */ +/* $OpenBSD: netcat.c,v 1.235 2025/10/11 15:46:06 deraadt Exp $ */ /* * Copyright (c) 2001 Eric Jackson * Copyright (c) 2015 Bob Beck. All rights reserved. @@ -1542,7 +1542,12 @@ connection_info(const char *host, const char *port, const char *proto, /* Look up service name unless -n. */ if (!nflag) { - sv = getservbyport(ntohs(atoi(port)), proto); + const char *errstr; + + int p = strtonum(port, 1, PORT_MAX, &errstr); + if (errstr) + errx(1, "port number %s: %s", errstr, port); + sv = getservbyport(htons(p), proto); if (sv != NULL) service = sv->s_name; } -- cgit v1.2.3-55-g6feb