setopt: check CURLOPT_ADDRESS_SCOPE option range

... and return error instead of triggering an assert() when being way
out of range.

diff --git a/lib/url.c b/lib/url.c
index b33579c70a8fe4f0606cfa4dcb4f309027c5000e..84822d9bc2e7ac489c7c18c275946396e8d74cd4 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2616,7 +2616,10 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      * know that an unsigned int will always hold the value so we blindly
      * typecast to this type
      */
-    data->set.scope_id = curlx_sltoui(va_arg(param, long));
+    arg = va_arg(param, long);
+    if((arg < 0) || (arg > 0xf))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    data->set.scope_id = curlx_sltoui(arg);
     break;
 
   case CURLOPT_PROTOCOLS: