diff --git a/ChangeLog b/ChangeLog
index 6ca0156c7..da5a1ded5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -165,6 +165,9 @@
    - deraadt@cvs.openbsd.org 2006/03/25 18:41:45
      [ssh-agent.c]
      mark two more signal handlers ARGSUSED
+   - deraadt@cvs.openbsd.org 2006/03/25 18:43:30
+     [channels.c]
+     use strtonum() instead of atoi() [limit X screens to 400, sorry]
 
 20060325
  - OpenBSD CVS Sync
@@ -4422,4 +4425,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4282 2006/03/26 03:28:14 djm Exp $
+$Id: ChangeLog,v 1.4283 2006/03/26 03:28:32 djm Exp $
diff --git a/channels.c b/channels.c
index c838b8534..70ffd7b33 100644
--- a/channels.c
+++ b/channels.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: channels.c,v 1.244 2006/03/25 13:17:01 djm Exp $ */
+/* $OpenBSD: channels.c,v 1.245 2006/03/25 18:43:30 deraadt Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3079,7 +3079,7 @@ x11_request_forwarding_with_spoofing(int client_session_id, const char *disp,
 	if (cp)
 		cp = strchr(cp, '.');
 	if (cp)
-		screen_number = atoi(cp + 1);
+		screen_number = (u_int)strtonum(cp + 1, 0, 400, NULL);
 	else
 		screen_number = 0;