diff --git a/src/datum_utils.c b/src/datum_utils.c
index 2c00a4d..3aabba9 100644
--- a/src/datum_utils.c
+++ b/src/datum_utils.c
@@ -33,6 +33,7 @@
  *
  */
 
+#include <assert.h>
 #include <sodium.h>
 #include <stdio.h>
 #include <stdarg.h>
@@ -703,3 +704,18 @@ uint64_t datum_siphash_mod8(const void *src, uint64_t sz, const unsigned char ke
 	SIPHASH_DOUBLE_ROUND(v0,v1,v2,v3);
 	return (v0 ^ v1) ^ (v2 ^ v3);
 }
+
+// Uses a fixed-size buffer; positive only; digits only
+// Returns -1 on failure
+int datum_atoi_strict(const char * const s, const size_t size) {
+	if (!size) return -1;
+	assert(s);
+	int ret = 0;
+	for (size_t i = 0; i < size; ++i) {
+		if (s[i] < '0' || s[i] > '9') return -1;
+		int digit = s[i] - '0';
+		if (ret > (INT_MAX - digit) / 10) return -1;
+		ret = (ret * 10) + digit;
+	}
+	return ret;
+}
diff --git a/src/datum_utils.h b/src/datum_utils.h
index 363c35a..cb18c30 100644
--- a/src/datum_utils.h
+++ b/src/datum_utils.h
@@ -69,6 +69,7 @@ long double calc_network_difficulty(const char *bits_hex);
 unsigned char floorPoT(uint64_t x);
 uint64_t datum_siphash(const void *src, uint64_t sz, const unsigned char key[16]);
 uint64_t datum_siphash_mod8(const void *src, uint64_t sz, const unsigned char key[16]);
+int datum_atoi_strict(const char *s, size_t size);
 
 
 static inline