JDK-1265383

Socket code allows illegal port numbers to reach SecurityManager


    • sparc
    • generic


      The JDK socket classes do range checks to check for valid port numbers:

          public Socket(String host, int port, boolean stream) throws IOException {
              this();

              String hostCopy = new String(host);

              SecurityManager security = System.getSecurityManager();
              if (security != null) {
                  hostCopy = InetAddress.getByName(hostCopy).getHostAddress();
                  security.checkConnect(hostCopy, port);
              }

              if (port < 0 || port > 0xFFFF) {
                  throw new IllegalArgumentException("port out range:"+port);
              }

      However the range check always occurs *after* the SecurityManager
      gets to look at it. This means that the SecurityManager can get bogus
      port numbers.

      I think any argument validation check should be done before the
      argument is used.

      I believe this affects Socket, ServerSocket, and DatagramSocket.

      sritchie -- 26 Aug 96
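
The two check orderings side by side, as an added example that is not part of the original report or of the JDK sources. `ConnectPolicy` and `RecordingPolicy` are hypothetical stand-ins for a `SecurityManager`; the "deny ports below 1024" rule, the host address and the sample ports are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;
public class PortCheckOrder {
    /** Hypothetical stand-in for SecurityManager.checkConnect(host, port). */
    interface ConnectPolicy { void checkConnect(String host, int port); }
    /** Constructed policy: records each port it is shown and denies ports below 1024. */
    static final class RecordingPolicy implements ConnectPolicy {
        final List<Integer> seen = new ArrayList<>();
        @Override public void checkConnect(String host, int port) {
            seen.add(port);
            if (port < 1024) throw new SecurityException("connect denied: " + host + ":" + port);
        }
    }

    static void validatePort(int port) {
        if (port < 0 || port > 0xFFFF) throw new IllegalArgumentException("port out of range: " + port);
    }

    /** Ordering quoted in the report: policy check first, range check second. */
    static void reportedOrder(ConnectPolicy p, String host, int port) {
        p.checkConnect(host, port);
        validatePort(port);
    }

    /** Ordering the report asks for: range check before the argument is used. */
    static void validatedOrder(ConnectPolicy p, String host, int port) {
        validatePort(port);
        p.checkConnect(host, port);
    }

    /** Runs one ordering and reports the outcome plus what the policy was shown. */
    static String outcome(boolean validateFirst, int port) {
        RecordingPolicy policy = new RecordingPolicy();
        String result = "allowed";
        try {
            if (validateFirst) validatedOrder(policy, "192.0.2.10", port);
            else reportedOrder(policy, "192.0.2.10", port);
        } catch (RuntimeException e) {
            result = e.getClass().getSimpleName();
        }
        return result + ", policy saw " + policy.seen;
    }
    public static void main(String[] args) {
        for (int port : new int[] {-1, 80, 8080, 65536}) { // constructed sample ports
            System.out.println(port + " reported:  " + outcome(false, port));
            System.out.println(port + " validated: " + outcome(true, port));
        }
    }
}
```

With the reported ordering the policy is shown -1 and 65536, and for -1 the caller receives the policy's `SecurityException` rather than the `IllegalArgumentException`; with validation first the policy never sees either value.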

            Unassigned Unassigned
            duke J. Duke