
setopt: avoid integer overflows when setting millsecond values

... that are multiplied by 1000 when stored.

For 32 bit long systems, the max value accepted (2147483 seconds) is >
596 hours which is unlikely to ever be set by a legitimate application -
and previously it didn't work either, it just caused undefined behavior.

Also updated the man pages for these timeout options to mention the
return code.

Closes 
Daniel Stenberg 2017-10-03 17:00:18 +02:00
parent 4440b6ad57
commit 172ce9cc19
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
4 changed files with 26 additions and 10 deletions


@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@ -58,7 +58,8 @@ if(curl) {
.SH AVAILABILITY
Always
.SH RETURN VALUE
Returns CURLE_OK
Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative
value or a value that when converted to milliseconds is too large.
.SH "SEE ALSO"
.BR CURLOPT_CONNECTTIMEOUT_MS "(3), "
.BR CURLOPT_CONNECTTIMEOUT_MS "(3), "
.BR CURLOPT_TIMEOUT "(3), " CURLOPT_LOW_SPEED_LIMIT "(3), "


@ -54,7 +54,9 @@ if(curl) {
.SH AVAILABILITY
Added in 7.10.8
.SH RETURN VALUE
Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not.
Returns CURLE_OK if FTP is supported, and CURLE_UNKNOWN_OPTION if not. Returns
CURLE_BAD_FUNCTION_ARGUMENT if set to a negative value or a value that when
converted to milliseconds is too large.
.SH "SEE ALSO"
.BR CURLOPT_TIMEOUT "(3), " CURLOPT_CONNECTTIMEOUT "(3), "
.BR CURLOPT_LOW_SPEED_LIMIT "(3), "


@ -5,7 +5,7 @@
.\" * | (__| |_| | _ <| |___
.\" * \___|\___/|_| \_\_____|
.\" *
.\" * Copyright (C) 1998 - 2015, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
.\" *
.\" * This software is licensed as described in the file COPYING, which
.\" * you should have received as part of this distribution. The terms
@ -64,7 +64,8 @@ if(curl) {
.SH AVAILABILITY
Always
.SH RETURN VALUE
Returns CURLE_OK
Returns CURLE_OK. Returns CURLE_BAD_FUNCTION_ARGUMENT if set to a negative
value or a value that when converted to milliseconds is too large.
.SH "SEE ALSO"
.BR CURLOPT_TIMEOUT_MS "(3), "
.BR CURLOPT_TIMEOUT_MS "(3), "
.BR CURLOPT_CONNECTTIMEOUT "(3), " CURLOPT_LOW_SPEED_LIMIT "(3), "


@ -875,7 +875,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
* Option that specifies how quickly an server response must be obtained
* before it is considered failure. For pingpong protocols.
*/
data->set.server_response_timeout = va_arg(param, long) * 1000;
arg = va_arg(param, long);
if((arg>=0) && (arg < (INT_MAX/1000)))
data->set.server_response_timeout = arg * 1000;
else
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLOPT_TFTP_NO_OPTIONS:
/*
@ -1725,7 +1729,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
* The maximum time you allow curl to use for a single transfer
* operation.
*/
data->set.timeout = va_arg(param, long) * 1000L;
arg = va_arg(param, long);
if((arg>=0) && (arg < (INT_MAX/1000)))
data->set.timeout = arg * 1000;
else
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLOPT_TIMEOUT_MS:
@ -1736,7 +1744,11 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
/*
* The maximum time you allow curl to use to connect.
*/
data->set.connecttimeout = va_arg(param, long) * 1000L;
arg = va_arg(param, long);
if((arg>=0) && (arg < (INT_MAX/1000)))
data->set.connecttimeout = arg * 1000;
else
return CURLE_BAD_FUNCTION_ARGUMENT;
break;
case CURLOPT_CONNECTTIMEOUT_MS:
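Review bot: The bound `arg < (INT_MAX/1000)` in all three added checks (server response timeout, `timeout` and `connecttimeout`) rejects 2147483 itself, although the commit message names 2147483 seconds as the max value accepted and 2147483 * 1000 is still below INT_MAX. Writing the test as `if((arg >= 0) && (arg <= (INT_MAX/1000)))` would match the documented limit and still keep the multiplication from overflowing. The same three-line check is repeated verbatim in each case, so a short comment on the first one, such as `/* reject values that would overflow when converted to milliseconds */`, would record why the limit is tied to INT_MAX rather than to the range of `long`. Curl_setopt's body starts and ends outside these hunks, so the declaration of `arg` and the type of the destination fields are not visible here.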