git-market/curl-curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-04-11 12:01:42 +08:00
Code Issues Actions 14 Packages Projects Releases Wiki Activity

cf-socket: avoid low risk integer overflow on ancient Solaris

Browse Source 
Spotted by Codex Security

Closes #21111
This commit is contained in:
Daniel Stenberg 2026-03-27 09:09:27 +01:00
parent 860c57dffd
commit 248b92939a
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/cf-socket.c
View File

@ -236,8 +236,15 @@ static void tcpkeepalive(struct Curl_cfilter *cf,
* Note that the consequent probes will not be sent
* at equal intervals on Solaris, but will be sent
* using the exponential backoff algorithm. */
optval = curlx_sltosi(data->set.tcp_keepcnt) *
curlx_sltosi(data->set.tcp_keepintvl);
{
int keepcnt = curlx_sltosi(data->set.tcp_keepcnt);
int keepintvl = curlx_sltosi(data->set.tcp_keepintvl);
if(keepcnt > 0 && keepintvl > (INT_MAX / keepcnt))
optval = INT_MAX;
else
optval = keepcnt * keepintvl;
}
KEEPALIVE_FACTOR(optval);
if(setsockopt(sockfd, IPPROTO_TCP, TCP_KEEPALIVE_ABORT_THRESHOLD,
(void *)&optval, sizeof(optval)) < 0) {