Skip to content

curl: fix --local-port integer overflow #3242

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from

Conversation

bagder
Copy link
Member

@bagder bagder commented Nov 6, 2018

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter

@bagder bagder force-pushed the bagder/local-port-overflow branch from 3b0467c to 2909376 Compare November 6, 2018 22:06
bagder added a commit that referenced this pull request Nov 6, 2018
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242
@bagder bagder force-pushed the bagder/local-port-overflow branch from 2909376 to 994d13a Compare November 7, 2018 07:26
@bagder bagder closed this in 52db548 Nov 7, 2018
@bagder bagder deleted the bagder/local-port-overflow branch November 7, 2018 10:49
@lock lock bot locked as resolved and limited conversation to collaborators Feb 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Development

Successfully merging this pull request may close these issues.

1 participant