1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

setopt: less *or equal* than INT_MAX/1000 should be fine

... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.

Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html

Closes #2173
This commit is contained in:
Daniel Stenberg 2017-12-11 15:24:42 +01:00
parent 2437dbbf12
commit 9d7a59c8fa
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2

View File

@ -277,7 +277,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
* before it is considered failure. For pingpong protocols. * before it is considered failure. For pingpong protocols.
*/ */
arg = va_arg(param, long); arg = va_arg(param, long);
if((arg >= 0) && (arg < (INT_MAX/1000))) if((arg >= 0) && (arg <= (INT_MAX/1000)))
data->set.server_response_timeout = arg * 1000; data->set.server_response_timeout = arg * 1000;
else else
return CURLE_BAD_FUNCTION_ARGUMENT; return CURLE_BAD_FUNCTION_ARGUMENT;
@ -1202,7 +1202,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
* operation. * operation.
*/ */
arg = va_arg(param, long); arg = va_arg(param, long);
if((arg >= 0) && (arg < (INT_MAX/1000))) if((arg >= 0) && (arg <= (INT_MAX/1000)))
data->set.timeout = arg * 1000; data->set.timeout = arg * 1000;
else else
return CURLE_BAD_FUNCTION_ARGUMENT; return CURLE_BAD_FUNCTION_ARGUMENT;
@ -1220,7 +1220,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
* The maximum time you allow curl to use to connect. * The maximum time you allow curl to use to connect.
*/ */
arg = va_arg(param, long); arg = va_arg(param, long);
if((arg >= 0) && (arg < (INT_MAX/1000))) if((arg >= 0) && (arg <= (INT_MAX/1000)))
data->set.connecttimeout = arg * 1000; data->set.connecttimeout = arg * 1000;
else else
return CURLE_BAD_FUNCTION_ARGUMENT; return CURLE_BAD_FUNCTION_ARGUMENT;