From owner-freebsd-hackers  Wed Jan 22 23:15:37 2003
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 63E1237B401
	for <hackers@freebsd.org>; Wed, 22 Jan 2003 23:15:36 -0800 (PST)
Received: from mailhost.gu.edu.au (kraken.itc.gu.edu.au [132.234.250.31])
	by mx1.FreeBSD.org (Postfix) with ESMTP id CF83643F1E
	for <hackers@freebsd.org>; Wed, 22 Jan 2003 23:15:34 -0800 (PST)
	(envelope-from steve@cit.gu.edu.au)
Received: from hobbit.cit.gu.edu.au (IDENT:ky5zE5zdEOQd26tq14UGZOzxTgKDOVEl@hobbit.cit.gu.edu.au [132.234.86.7])
	by mailhost.gu.edu.au (8.10.1/8.10.1) with ESMTP id h0N7AtH27868;
	Thu, 23 Jan 2003 17:10:55 +1000 (EST)
Received: from localhost (steve@localhost)
	by hobbit.cit.gu.edu.au (8.11.6/8.11.6) with ESMTP id h0N7AqE20869;
	Thu, 23 Jan 2003 17:10:53 +1000
Date: Thu, 23 Jan 2003 17:10:52 +1000 (EST)
From: Steven Goodwin <steve@cit.gu.edu.au>
To: hackers@freebsd.org
Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>
Subject: Re: Checking sockaddr_in port number for overflow
In-Reply-To: <3E2F8250.3080300@netli.com>
Message-ID: <Pine.LNX.4.44.0301231709110.20802-100000@hobbit.cit.gu.edu.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

On Wed, 22 Jan 2003, Lev Walkin wrote:

> Giorgos Keramidas wrote:
> > I have been trying to think of a good way to check for overflow of
> > port numbers of PF_INET sockets that are passed by the user. So far,
> > this is what I have come up with:
> > 
> > :
> > :         errno == 0;

I hope I'm not being pedantic, but don't you mean
           errno = 0;

> > :         tmp = strtol(argv[1], &errp, 0);
> > :         if (errp == argv[1] || errno == EINVAL || errno == ERANGE)
> > :                 errx(1, "invalid number '%s'", argv[1]);
> > :         if (tmp > IPPORT_MAX)
> > :                 errx(1, "%ld will overflow as a port number (max %d)",
> > :                     tmp, IPPORT_MAX);
> > 
> > Does this look ok to you all?
> > Have I missed anything obvious that I should also check?
> 
> tmp <= 0.
> 

Steve



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message