rtmp: precaution for a potential integer truncation

On some platforms, socket descriptors may use types larger than int.
When these values exceed INT_MAX, conversion to int can truncate to
negative values causing RTMP connection failures, and even accidentally
affect other socket when high-value descriptors map to existing
lower-value sockets after integer conversion. This check ensures socket
values are within the safe range before passing them to the RTMP
library.

Closes #19399

diff --git a/lib/curl_rtmp.c b/lib/curl_rtmp.c
index 7006ca5eb94e54304d7976238f38ebcfa42fa1d0..779422c9ae7f059189970325881a6b48d8a79c3a 100644 (file)
--- a/lib/curl_rtmp.c
+++ b/lib/curl_rtmp.c
@@ -256,6 +256,11 @@ static CURLcode rtmp_connect(struct Curl_easy *data, bool *done)
   if(!r)
     return CURLE_FAILED_INIT;
 
+  if(conn->sock[FIRSTSOCKET] > INT_MAX) {
+    /* The socket value is invalid for rtmp. */
+    return CURLE_FAILED_INIT;
+  }
+
   r->m_sb.sb_socket = (int)conn->sock[FIRSTSOCKET];
 
   /* We have to know if it is a write before we send the