aboutsummaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/setopt.c7
-rw-r--r--lib/urlapi.c8
-rw-r--r--lib/urldata.h4
3 files changed, 19 insertions, 0 deletions
diff --git a/lib/setopt.c b/lib/setopt.c
index 594303eff..da9ed3bb1 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -61,6 +61,13 @@ CURLcode Curl_setstropt(char **charp, const char *s)
if(s) {
char *str = strdup(s);
+ if(str) {
+ size_t len = strlen(str);
+ if(len > CURL_MAX_INPUT_LENGTH) {
+ free(str);
+ return CURLE_BAD_FUNCTION_ARGUMENT;
+ }
+ }
if(!str)
return CURLE_OUT_OF_MEMORY;
diff --git a/lib/urlapi.c b/lib/urlapi.c
index 0eb06d24d..57f82cac5 100644
--- a/lib/urlapi.c
+++ b/lib/urlapi.c
@@ -642,6 +642,10 @@ static CURLUcode seturl(const char *url, CURLU *u, unsigned int flags)
************************************************************/
/* allocate scratch area */
urllen = strlen(url);
+ if(urllen > CURL_MAX_INPUT_LENGTH)
+ /* excessive input length */
+ return CURLUE_MALFORMED_INPUT;
+
path = u->scratch = malloc(urllen * 2 + 2);
if(!path)
return CURLUE_OUT_OF_MEMORY;
@@ -1279,6 +1283,10 @@ CURLUcode curl_url_set(CURLU *u, CURLUPart what,
const char *newp = part;
size_t nalloc = strlen(part);
+ if(nalloc > CURL_MAX_INPUT_LENGTH)
+ /* excessive input length */
+ return CURLUE_MALFORMED_INPUT;
+
if(urlencode) {
const unsigned char *i;
char *o;
diff --git a/lib/urldata.h b/lib/urldata.h
index 8f7742082..4b09f24fd 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -79,6 +79,10 @@
*/
#define RESP_TIMEOUT (120*1000)
+/* Max string intput length is a precaution against abuse and to detect junk
+ input easier and better. */
+#define CURL_MAX_INPUT_LENGTH 8000000
+
#include "cookie.h"
#include "psl.h"
#include "formdata.h"