Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.
Sign upcurl: fix --local-port integer overflow #3242
Conversation
bagder
added
the
cmdline tool
label
Nov 6, 2018
bagder
force-pushed the
bagder/local-port-overflow
branch
from
3b0467c
to
2909376
Nov 6, 2018
bagder
added a commit
that referenced
this pull request
Nov 6, 2018
bagder
force-pushed the
bagder/local-port-overflow
branch
from
2909376
to
994d13a
Nov 7, 2018
bagder
closed this
in
52db548
Nov 7, 2018
bagder
deleted the
bagder/local-port-overflow
branch
Nov 7, 2018
lock
bot
locked as resolved and limited conversation to collaborators
Feb 5, 2019
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
bagder commentedNov 6, 2018
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.
Reported-by: Brian Carpenter