From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 11 Dec 2017 14:24:42 +0000 (+0100)
Subject: setopt: less *or equal* than INT_MAX/1000 should be fine
X-Git-Tag: curl-7_58_0~69
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=9d7a59c8fa3faa98bc7e368baacc5756eea227e9;p=curl

setopt: less *or equal* than INT_MAX/1000 should be fine

... for the CURLOPT_TIMEOUT, CURLOPT_CONNECTTIMEOUT and
CURLOPT_SERVER_RESPONSE_TIMEOUT range checks.

Reported-by: Dominik Hölzl
Bug: https://curl.haxx.se/mail/lib-2017-12/0037.html

Closes #2173
---

diff --git a/lib/setopt.c b/lib/setopt.c
index bd5fb54d9..f40b78e0b 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -277,7 +277,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
      * before it is considered failure. For pingpong protocols.
      */
     arg = va_arg(param, long);
-    if((arg >= 0) && (arg < (INT_MAX/1000)))
+    if((arg >= 0) && (arg <= (INT_MAX/1000)))
       data->set.server_response_timeout = arg * 1000;
     else
       return CURLE_BAD_FUNCTION_ARGUMENT;
@@ -1202,7 +1202,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
      * operation.
      */
     arg = va_arg(param, long);
-    if((arg >= 0) && (arg < (INT_MAX/1000)))
+    if((arg >= 0) && (arg <= (INT_MAX/1000)))
       data->set.timeout = arg * 1000;
     else
       return CURLE_BAD_FUNCTION_ARGUMENT;
@@ -1220,7 +1220,7 @@ static CURLcode setopt(struct Curl_easy *data, CURLoption option,
      * The maximum time you allow curl to use to connect.
      */
     arg = va_arg(param, long);
-    if((arg >= 0) && (arg < (INT_MAX/1000)))
+    if((arg >= 0) && (arg <= (INT_MAX/1000)))
       data->set.connecttimeout = arg * 1000;
     else
       return CURLE_BAD_FUNCTION_ARGUMENT;