Hi Mark,
Mark Lumsden wrote on Thu, Sep 23, 2010 at 07:38:00AM +0000:
> Add a check to the user supplied value of the local port.
[...]
> ok?
No, not ok; i think the patch is incorrect.
The pflag is passed to getaddrinfo(3):
int
getaddrinfo(const char *hostname, const char *servname, const struct
addrinfo *hints, struct addrinfo **res);
The servname is either a decimal port number or a service name
listed in services(5).
Thus, no input validation is desirable.
In fact, nc(1) already provides a (well, moderately) useful error
message when you provide a service not listed in services(5):
schwa...@rhea $ nc -p murks localhost 30000
nc: getaddrinfo: service not supported for ai_socktype
Yours,
Ingo
> Index: netcat.c
> ===================================================================
> RCS file: /cvs/src/usr.bin/nc/netcat.c,v
> retrieving revision 1.98
> diff -u -p -r1.98 netcat.c
> --- netcat.c 3 Jul 2010 04:44:51 -0000 1.98
> +++ netcat.c 23 Sep 2010 07:13:51 -0000
> @@ -174,6 +174,9 @@ main(int argc, char *argv[])
> Pflag = optarg;
> break;
> case 'p':
> + strtonum(optarg, 1, PORT_MAX, &errstr);
> + if (errstr)
> + errx(1, "source port %s: %s", errstr, optarg);
> pflag = optarg;
> break;
> case 'r':
