diff -up dhcp-4.0.0/client/dhclient.c.port dhcp-4.0.0/client/dhclient.c
--- dhcp-4.0.0/client/dhclient.c.port 2008-09-30 15:56:35.000000000 -1000
+++ dhcp-4.0.0/client/dhclient.c 2008-09-30 15:56:52.000000000 -1000
@@ -218,7 +218,7 @@ int main(int argc, char **argv, char **e
 } else if (!strcmp (argv [i], "-p")) {
 if (++i == argc)
 usage ();
- local_port = htons (atoi (argv [i]));
+ local_port = validate_port(argv[i]);
 log_debug ("binding to user-specified port %d",
 ntohs (local_port));
 } else if (!strcmp (argv [i], "-d")) {
diff -up dhcp-4.0.0/common/inet.c.port dhcp-4.0.0/common/inet.c
--- dhcp-4.0.0/common/inet.c.port 2007-07-12 20:43:41.000000000 -1000
+++ dhcp-4.0.0/common/inet.c 2008-09-30 15:57:20.000000000 -1000
@@ -604,3 +604,20 @@ piaddrcidr(const struct iaddr *addr, uns
 return ret;
 }
+/* Check the port number specified */
+u_int16_t
+validate_port(char *port) {
+ u_int16_t local_port = 0;
+ int lower = 1;
+ int upper = 65535;
+
+ errno = 0;
+ local_port = strtol(port, NULL, 10);
+ if ((errno == ERANGE) || (errno == EINVAL))
+ log_fatal ("Invalid port number specification: %s", port);
+
+ if (local_port < lower || local_port > upper)
+ log_fatal("Port number specified is out of range (%d-%d).", lower, upper);
+
+ return htons(local_port);
+}
diff -up dhcp-4.0.0/includes/dhcpd.h.port dhcp-4.0.0/includes/dhcpd.h
--- dhcp-4.0.0/includes/dhcpd.h.port 2008-09-30 15:56:35.000000000 -1000
+++ dhcp-4.0.0/includes/dhcpd.h 2008-09-30 15:56:52.000000000 -1000
@@ -2432,6 +2432,7 @@ isc_result_t free_iaddrcidrnetlist(struc
 const char *piaddr PROTO ((struct iaddr));
 char *piaddrmask(struct iaddr *, struct iaddr *);
 char *piaddrcidr(const struct iaddr *, unsigned int);
+u_int16_t validate_port(char *);
 /* dhclient.c */
 extern int nowait;
diff -up dhcp-4.0.0/relay/dhcrelay.c.port dhcp-4.0.0/relay/dhcrelay.c
--- dhcp-4.0.0/relay/dhcrelay.c.port 2007-11-30 11:51:43.000000000 -1000
+++ dhcp-4.0.0/relay/dhcrelay.c 2008-09-30 15:56:52.000000000 -1000
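Review bot: In `validate_port` (common/inet.c) the result of `strtol` is stored straight into a `u_int16_t`, so the value is narrowed before the range check runs: `local_port > upper` can never be true, and an out-of-range argument (65537, for example) would wrap to a small in-range number and be accepted. The call also passes `NULL` as the end pointer, so input with trailing non-digits is not rejected, which is weaker than the `isdigit` loop and `int` range check this patch removes from the `-p` branch in server/dhcpd.c. The `-p` callers in client/dhclient.c and relay/dhcrelay.c and the `DHCPD_PORT` path inherit the same behaviour. Parse into a `long`, check the end pointer, range-check the `long`, and only then narrow; the sketch assumes `log_fatal` does not return, as the patch itself appears to.

```c
validate_port(char *port) {
	long value;
	char *end = NULL;
	/* … unchanged: lower and upper bounds … */

	errno = 0;
	value = strtol(port, &end, 10);
	/* Reject empty input, trailing characters and overflow before narrowing. */
	if (errno != 0 || end == port || *end != '\0')
		/* … unchanged: log_fatal for an invalid specification … */

	if (value < lower || value > upper)
		/* … unchanged: log_fatal for an out-of-range port … */

	return htons((u_int16_t)value);
```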
@@ -141,7 +141,7 @@ main(int argc, char **argv) {
 if (!strcmp (argv [i], "-p")) {
 if (++i == argc)
 usage ();
- local_port = htons (atoi (argv [i]));
+ local_port = validate_port(argv[i]);
 log_debug ("binding to user-specified port %d",
 ntohs (local_port));
 } else if (!strcmp (argv [i], "-d")) {
diff -up dhcp-4.0.0/server/dhcpd.c.port dhcp-4.0.0/server/dhcpd.c
--- dhcp-4.0.0/server/dhcpd.c.port 2008-09-30 15:56:34.000000000 -1000
+++ dhcp-4.0.0/server/dhcpd.c 2008-09-30 15:56:52.000000000 -1000
@@ -257,15 +257,7 @@ main(int argc, char **argv) {
 if (!strcmp (argv [i], "-p")) {
 if (++i == argc)
 usage ();
- for (s = argv [i]; *s; s++)
- if (!isdigit ((unsigned char)*s))
- log_fatal ("%s: not a valid UDP port",
- argv [i]);
- status = atoi (argv [i]);
- if (status < 1 || status > 65535)
- log_fatal ("%s: not a valid UDP port",
- argv [i]);
- local_port = htons (status);
+ local_port = validate_port(argv[i]);
 log_debug ("binding to user-specified port %d",
 ntohs (local_port));
 } else if (!strcmp (argv [i], "-f")) {
@@ -438,7 +430,7 @@ main(int argc, char **argv) {
 if (!local_port) {
 if ((s = getenv ("DHCPD_PORT"))) {
- local_port = htons (atoi (s));
+ local_port = validate_port(s);
 log_debug ("binding to environment-specified port %d",
 ntohs (local_port));
 } else {
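Review bot: In the `DHCPD_PORT` branch of server/dhcpd.c, a bad environment value now reaches `log_fatal` inside `validate_port`, and neither of its messages says the port came from the environment; the out-of-range message does not print the offending value at all. The old `atoi` call here had no check, so this looks like a new startup-failure path for hosts that already export the variable. A comment at the call, such as `/* validate_port() is fatal on a malformed or out-of-range DHCPD_PORT */`, would document this. Naming the source in the logged message would also help whoever reads the failure. The enclosing `main` starts and ends outside the hunk.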