From 9d7a59c8fa3faa98bc7e368baacc5756eea227e9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 11 Dec 2017 15:24:42 +0100 Subject: [PATCH] setopt: less *or equal* than INT_MAX/1000 should be fine MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and CURLOPT_SERVER_RESPONSE_TIMEOUT range checks. Reported-by: Dominik Hölzl Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html Closes #2173 --- lib/setopt.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/setopt.c b/lib/setopt.c index bd5fb54d9..f40b78e0b 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -277,7 +277,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option, * before it is considered failure. For pingpong protocols. */ arg = va_arg(param, long); - if((arg >= 0) && (arg < (INT_MAX/1000))) + if((arg >= 0) && (arg <= (INT_MAX/1000))) data->set.server_response_timeout = arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT; @@ -1202,7 +1202,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option, * operation. */ arg = va_arg(param, long); - if((arg >= 0) && (arg < (INT_MAX/1000))) + if((arg >= 0) && (arg <= (INT_MAX/1000))) data->set.timeout = arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT; @@ -1220,7 +1220,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option, * The maximum time you allow curl to use to connect. */ arg = va_arg(param, long); - if((arg >= 0) && (arg < (INT_MAX/1000))) + if((arg >= 0) && (arg <= (INT_MAX/1000))) data->set.connecttimeout = arg * 1000; else return CURLE_BAD_FUNCTION_ARGUMENT;