setopt: do bounds-check before strdup
authorHenrikHolst <henrik.holst@millistream.com>
Thu, 3 Feb 2022 00:03:42 +0000 (01:03 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Thu, 3 Feb 2022 08:40:03 +0000 (09:40 +0100)
Curl_setstropt() allocated memory for the string before checking if the
string was within bounds. The bounds check should be done first.

Closes #8377

lib/setopt.c

index 868cb63c058127534a99c2b367adf6a1591ef99f..c8350aa3ff8e3e7b1e4d0cb50769cfbd7a3befc0 100644 (file)
@@ -62,19 +62,12 @@ CURLcode Curl_setstropt(char **charp, const char *s)
   Curl_safefree(*charp);
 
   if(s) {
-    char *str = strdup(s);
+    if(strlen(s) > CURL_MAX_INPUT_LENGTH)
+      return CURLE_BAD_FUNCTION_ARGUMENT;
 
-    if(str) {
-      size_t len = strlen(str);
-      if(len > CURL_MAX_INPUT_LENGTH) {
-        free(str);
-        return CURLE_BAD_FUNCTION_ARGUMENT;
-      }
-    }
-    if(!str)
+    *charp = strdup(s);
+    if(!*charp)
       return CURLE_OUT_OF_MEMORY;
-
-    *charp = str;
   }
 
   return CURLE_OK;
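Review bot: The new early `return CURLE_BAD_FUNCTION_ARGUMENT;` still runs after the `Curl_safefree(*charp);` context line at the top of the hunk, so a rejected over-long string discards the previously stored value rather than leaving it in place. The removed code behaved the same way, but nothing here says whether that is intended. If it is, a comment above the length test would record it, for example `/* reject over-long input before allocating; the old value has already been freed */`. If callers are expected to keep the old setting on error, the `strlen(s) > CURL_MAX_INPUT_LENGTH` test would need to move ahead of the free. The function's signature and closing brace are outside the hunk, so this assumes nothing earlier in the body changes the picture.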