New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

curl: fix --local-port integer overflow #3242

Closed
wants to merge 1 commit into
base: master
from

Conversation

Projects
None yet
1 participant
@bagder
Member

bagder commented Nov 6, 2018

The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter

@bagder bagder added the cmdline tool label Nov 6, 2018

@bagder bagder force-pushed the bagder/local-port-overflow branch from 3b0467c to 2909376 Nov 6, 2018

bagder added a commit that referenced this pull request Nov 6, 2018

curl: fix --local-port integer overflow
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242
curl: fix --local-port integer overflow
The tool's local port command line range parser didn't check for integer
overflows and could pass "weird" data to libcurl for this option.
libcurl however, has a strict range check for the values so it rejects
anything outside of the accepted range.

Reported-by: Brian Carpenter
Closes #3242

@bagder bagder force-pushed the bagder/local-port-overflow branch from 2909376 to 994d13a Nov 7, 2018

@bagder bagder closed this in 52db548 Nov 7, 2018

@bagder bagder deleted the bagder/local-port-overflow branch Nov 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment