From 5c7455fe7691a18e0f6a85ebe26aae861ccc5284 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Sun, 6 Aug 2017 20:10:40 +0200
Subject: curl: detect and bail out early on parameter integer overflows

Make the number parser aware of the maximum limit curl accepts for a value and return an error immediately if larger, instead of running an integer overflow later.
Fixes #1730
Closes #1736
---
 src/tool_paramhlp.h | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
(limited to 'src/tool_paramhlp.h')
diff --git a/src/tool_paramhlp.h b/src/tool_paramhlp.h
index cdfbacf3f..854f52256 100644
--- a/src/tool_paramhlp.h
+++ b/src/tool_paramhlp.h
@@ -7,7 +7,7 @@
 * | (__| |_| | _ <| |___
 * \___|\___/|_| \_\_____|
 *
- * Copyright (C) 1998 - 2014, Daniel Stenberg, , et al.
+ * Copyright (C) 1998 - 2017, Daniel Stenberg, , et al.
 *
 * This software is licensed as described in the file COPYING, which
 * you should have received as part of this distribution. The terms
@@ -33,8 +33,7 @@ void cleanarg(char *str);
 ParameterError str2num(long *val, const char *str);
 ParameterError str2unum(long *val, const char *str);
-ParameterError str2double(double *val, const char *str);
-ParameterError str2udouble(double *val, const char *str);
+ParameterError str2udouble(double *val, const char *str, long max);
 long proto2num(struct OperationConfig *config, long *val, const char *str);
-- 
cgit v1.2.3
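Review bot: The new `max` argument on `str2udouble` in the second hunk is undocumented, and it is a `long` bounding a value parsed as `double`, so the prototype does not tell a caller how to pick a safe bound. Since the stated goal is to stop a later integer overflow, the header should spell out the contract, for example `/* parse a non-negative double; returns an error if the value exceeds max, which the caller picks so that any later scaling and cast to long cannot overflow */`. It should also say whether `max` is inclusive. The definition and call sites are not on this page, so it cannot be confirmed here that non-finite input is rejected before the comparison, or that every caller passes a bound already divided by its scale factor. `str2num` and `str2unum` keep their old signatures, so any range check for them would have to live in their bodies, which are also not shown.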