author | Daniel Stenberg <daniel@haxx.se> | 2017-08-06 20:10:40 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-08-07 09:38:45 +0200 |
commit | 5c7455fe7691a18e0f6a85ebe26aae861ccc5284 (patch) | |
tree | a9470b75e0d35b584557c9873885ea68a1c54cd5 /src/tool_getparam.c | |
parent | 453e7a7a03a2cec749abd3878a48e728c515cca7 (diff) | |
curl: detect and bail out early on parameter integer overflows
Make the number parser aware of the maximum limit curl accepts for a
value and return an error immediately if the value is larger, instead of
running into an integer overflow later.
Fixes #1730
Closes #1736
Diffstat (limited to 'src/tool_getparam.c')
-rw-r--r-- | src/tool_getparam.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index 089d28574..b7ee519b3 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -545,7 +545,8 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 GetStr(&config->oauth_bearer, nextarg);
 break;
 case 'c': /* connect-timeout */
- err = str2udouble(&config->connecttimeout, nextarg);
+ err = str2udouble(&config->connecttimeout, nextarg,
+ LONG_MAX/1000);
 if(err)
 return err;
 break;
@@ -1047,7 +1048,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 return err;
 break;
 case 'R': /* --expect100-timeout */
- err = str2udouble(&config->expect100timeout, nextarg);
+ err = str2udouble(&config->expect100timeout, nextarg, LONG_MAX/1000);
 if(err)
 return err;
 break;
@@ -1713,7 +1714,7 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
 break;
 case 'm':
 /* specified max time */
- err = str2udouble(&config->timeout, nextarg);
+ err = str2udouble(&config->timeout, nextarg, LONG_MAX/1000);
 if(err)
 return err;
 break; |
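Review bot: The bound `LONG_MAX/1000` is written out at all three call sites (`case 'c'`, `case 'R'` and `case 'm'`) with nothing saying why the divisor is 1000; presumably the parsed seconds are later scaled to milliseconds and stored in a long, which would be the overflow the commit message refers to. A single named constant carrying that reason, for example `#define MAX_TIMEOUT_SECS (LONG_MAX/1000) /* seconds; scaled by 1000 into a long later */`, would keep the limit and the later conversion from drifting apart. str2udouble itself is outside these hunks: if it compares the parsed double against this limit after converting the limit to double, then with a 64-bit long the limit is not exactly representable and may round up, so the exact boundary value deserves a test case. getparameter's body starts and ends outside every hunk shown here.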