curl / Mailing Lists / curl-library / Single Mail

curl-library

CURLOPT_TIMEOUT - INT_MAX/1000

From: Hölzl, Dominik <Dominik.Hoelzl_at_fabasoft.com>
Date: Mon, 11 Dec 2017 14:08:02 +0000

Hello!

I have a question about CURLOPT_TIMEOUT and the maximum configurable value:

The check is about

  case CURLOPT_TIMEOUT:
    /*
     * The maximum time you allow curl to use for a single transfer
     * operation.
     */
    arg = va_arg(param, long);
    if((arg >= 0) && (arg < (INT_MAX/1000)))
      data->set.timeout = arg * 1000;
    else
      return CURLE_BAD_FUNCTION_ARGUMENT;
    break;

so configuring a value with INT_MAX/1000 would lead to CURLE_BAD_FUNCTION_ARGUMENT.

Shouldn't be the check like

    if((arg >= 0) && (arg <= (INT_MAX/1000)))

?

(INT_MAX/1000) * 1000 wouldn't exceed INT_MAX.

When using CURLOPT_TIMEOUT_MS there is no upper bounds check, so setting CURLOPT_TIMEOUT_MS to INT_MAX would succeed.

Regards,
Dominik

-------------------------------------------------------------------
Unsubscribe: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2017-12-11