Hello!

I have a question about CURLOPT_TIMEOUT and the maximum configurable value:

The check is as follows:

  case CURLOPT_TIMEOUT:
    /*
     * The maximum time you allow curl to use for a single transfer
     * operation.
     */
    arg = va_arg(param, long);
    if((arg >= 0) && (arg < (INT_MAX/1000)))
      data->set.timeout = arg * 1000;
    else
      return CURLE_BAD_FUNCTION_ARGUMENT;
    break;


so configuring a value with INT_MAX/1000 would lead to 
CURLE_BAD_FUNCTION_ARGUMENT.

Shouldn't the check be like

    if((arg >= 0) && (arg <= (INT_MAX/1000)))

?

(INT_MAX/1000) * 1000 wouldn't exceed INT_MAX.


When using CURLOPT_TIMEOUT_MS there is no upper bounds check, so setting 
CURLOPT_TIMEOUT_MS to INT_MAX would succeed.

Regards,
Dominik
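
Added example (not part of the original message and not curl's own code): the two bounds checks from the message side by side, run over values around INT_MAX/1000. The function names and the result enum are hypothetical stand-ins, and storing the timeout in an int is an assumption taken from the INT_MAX bound in the quoted check.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-ins for CURLE_OK / CURLE_BAD_FUNCTION_ARGUMENT so the
   example builds without curl headers. */
enum tmo_result { TMO_OK = 0, TMO_BAD_ARG = 1 };

/* Largest seconds value whose millisecond form still fits in an int. */
static long max_timeout_seconds(void)
{
  return INT_MAX / 1000;
}

/* Check as quoted in the message: strict '<' against INT_MAX/1000. */
static enum tmo_result set_timeout_strict(long arg, int *timeout_ms)
{
  if((arg >= 0) && (arg < (INT_MAX/1000))) {
    *timeout_ms = (int)(arg * 1000); /* guarded: cannot exceed INT_MAX */
    return TMO_OK;
  }
  return TMO_BAD_ARG;
}

/* Check as proposed in the message: inclusive '<='. */
static enum tmo_result set_timeout_inclusive(long arg, int *timeout_ms)
{
  if((arg >= 0) && (arg <= (INT_MAX/1000))) {
    *timeout_ms = (int)(arg * 1000); /* (INT_MAX/1000)*1000 <= INT_MAX */
    return TMO_OK;
  }
  return TMO_BAD_ARG;
}

int main(void)
{
  long edge = max_timeout_seconds();
  long probes[] = { 0, edge - 1, edge, edge + 1, -1 }; /* constructed inputs */
  size_t i;

  printf("INT_MAX=%d edge=%ld\n", INT_MAX, edge);
  for(i = 0; i < sizeof(probes) / sizeof(probes[0]); i++) {
    int a = 0, b = 0;
    enum tmo_result rs = set_timeout_strict(probes[i], &a);
    enum tmo_result ri = set_timeout_inclusive(probes[i], &b);
    printf("arg=%-8ld strict=%s inclusive=%s\n", probes[i],
           rs == TMO_OK ? "ok" : "bad-arg", ri == TMO_OK ? "ok" : "bad-arg");
  }
  return 0;
}
```

The two checks differ only at arg == INT_MAX/1000: the strict form rejects it, the inclusive form accepts it, and both reject INT_MAX/1000 + 1.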

