Fix missing error checks for strtoul(3)

2 files changed, 13 insertions, 4 deletions

diff --git a/http.c b/http.c
index feb74eb..26c30bf 100644
--- a/http.c
+++ b/http.c
@@ -1897,9 +1897,17 @@ char *http_decode_url(const char *url)
         else if (*(url + 1) && *(url + 2))
         {
             const char buf[sizeof "00"] = {*(url + 1), *(url + 2)};
+            char *endptr;
+            const unsigned long res = strtoul(buf, &endptr, 16);
+
+            if (*endptr)
+            {
+                fprintf(stderr, "%s: invalid number %s\n", __func__, buf);
+                goto failure;
+            }
 
-            ret[n++] = strtoul(buf, NULL, 16);
             url += 3;
+            ret[n++] = res;
         }
         else
         {
diff --git a/main.c b/main.c
index 7fca16d..c7481d0 100644
--- a/main.c
+++ b/main.c
@@ -1107,11 +1107,12 @@ static int parse_args(const int argc, char *const argv[],
 
             case 'p':
             {
-                const unsigned long portul = strtoul(optarg, NULL, 10);
+                char *endptr;
+                const unsigned long portul = strtoul(optarg, &endptr, 10);
 
-                if (portul > UINT16_MAX)
+                if (*endptr || portul > UINT16_MAX)
                 {
-                    fprintf(stderr, "%s: invalid port %lu\n", __func__, portul);
+                    fprintf(stderr, "%s: invalid port %s\n", __func__, optarg);
                     return -1;
                 }