From 844896d06416c9fdcacad5159f2a1a1d0293b9e5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 9 Jun 2017 01:00:23 +0200 Subject: setopt: check CURLOPT_ADDRESS_SCOPE option range ... and return error instead of triggering an assert() when being way out of range. --- lib/url.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/url.c b/lib/url.c index b33579c70..84822d9bc 100644 --- a/lib/url.c +++ b/lib/url.c @@ -2616,7 +2616,10 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option, * know that an unsigned int will always hold the value so we blindly * typecast to this type */ - data->set.scope_id = curlx_sltoui(va_arg(param, long)); + arg = va_arg(param, long); + if((arg < 0) || (arg > 0xf)) + return CURLE_BAD_FUNCTION_ARGUMENT; + data->set.scope_id = curlx_sltoui(arg); break; case CURLOPT_PROTOCOLS: -- cgit v1.2.3