formdata: avoid size_t => long typecast overflows

author Daniel Stenberg <daniel@haxx.se>

Sun, 9 Jan 2022 16:00:43 +0000 (17:00 +0100)

committer Daniel Stenberg <daniel@haxx.se>

Thu, 13 Jan 2022 22:07:52 +0000 (23:07 +0100)
author Daniel Stenberg <daniel@haxx.se>
Sun, 9 Jan 2022 16:00:43 +0000 (17:00 +0100)
committer Daniel Stenberg <daniel@haxx.se>
Thu, 13 Jan 2022 22:07:52 +0000 (23:07 +0100)
diff --git a/lib/formdata.c b/lib/formdata.c

index ac7a0009cd7b90ba8701e2be1f9d7f3cfe3e16af..ce11d5b484a6939c8958cd9f8df586aa96f3051a 100644 (file)
--- a/lib/formdata.c
+++ b/lib/formdata.c
@@ -5,7 +5,7 @@
   *                            | (__| |_| |  _ <| |___
   *                             \___|\___/|_| \_\_____|
   *
- * Copyright (C) 1998 - 2021, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2022, Daniel Stenberg, <daniel@haxx.se>, et al.
   *
   * This software is licensed as described in the file COPYING, which
   * you should have received as part of this distribution. The terms
@@ -77,10 +77,15 @@ AddHttpPost(char *name, size_t namelength,
              struct curl_httppost **last_post)
  {
    struct curl_httppost *post;
+  if(!namelength && name)
+    namelength = strlen(name);
+  if((bufferlength > LONG_MAX) || (namelength > LONG_MAX))
+    /* avoid overflow in typecasts below */
+    return NULL;
    post = calloc(1, sizeof(struct curl_httppost));
    if(post) {
      post->name = name;
-    post->namelength = (long)(name?(namelength?namelength:strlen(name)):0);
+    post->namelength = (long)namelength;
      post->contents = value;
      post->contentlen = contentslength;
      post->buffer = buffer;
author	Daniel Stenberg <daniel@haxx.se>
	Sun, 9 Jan 2022 16:00:43 +0000 (17:00 +0100)
committer	Daniel Stenberg <daniel@haxx.se>
	Thu, 13 Jan 2022 22:07:52 +0000 (23:07 +0100)