From db0a0dfb0eb41d39273b0590b992df58f38b9a4d Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Mon, 29 Jul 2019 22:10:13 +0200 Subject: curl: cap the maximum allowed values for retry time arguments ... to avoid integer overflows later when multiplying with 1000 to convert seconds to milliseconds. Added test 1269 to verify. Reported-by: Jason Lee Closes #4166 --- src/tool_paramhlp.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'src/tool_paramhlp.c') diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c index 3a4286c67..c9dac4f0f 100644 --- a/src/tool_paramhlp.c +++ b/src/tool_paramhlp.c @@ -197,6 +197,28 @@ ParameterError str2unum(long *val, const char *str) return PARAM_OK; } +/* + * Parse the string and write the long in the given address if it is below the + * maximum allowed value. Return PARAM_OK on success, otherwise a parameter + * error enum. ONLY ACCEPTS POSITIVE NUMBERS! + * + * Since this function gets called with the 'nextarg' pointer from within the + * getparameter a lot, we must check it for NULL before accessing the str + * data. + */ + +ParameterError str2unummax(long *val, const char *str, long max) +{ + ParameterError result = str2unum(val, str); + if(result != PARAM_OK) + return result; + if(*val > max) + return PARAM_NUMBER_TOO_LARGE; + + return PARAM_OK; +} + + /* * Parse the string and write the double in the given address. Return PARAM_OK * on success, otherwise a parameter specific error enum. -- cgit v1.2.3