From: Jay Satiro <raysatiro@yahoo.com>
Date: Thu, 23 Apr 2020 19:08:56 +0000 (-0400)
Subject: select: fix overflow protection in Curl_socket_check
X-Git-Tag: curl-7_71_0~218
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=85eda4e87aa54b6412a81f8544939430fc89b8d9;p=thirdparty%2Fcurl.git

select: fix overflow protection in Curl_socket_check

Follow-up to a96c752 which changed the timeout_ms type from time_t to
timediff_t.

Ref: https://github.com/curl/curl/pull/5240

Closes https://github.com/curl/curl/pull/5286
---

diff --git a/lib/select.c b/lib/select.c
index d91b20a4bc..8e4c61bbdb 100644
--- a/lib/select.c
+++ b/lib/select.c
@@ -22,6 +22,8 @@
 
 #include "curl_setup.h"
 
+#include <limits.h>
+
 #ifdef HAVE_SYS_SELECT_H
 #include <sys/select.h>
 #elif defined(HAVE_UNISTD_H)
@@ -50,6 +52,7 @@
 #include "urldata.h"
 #include "connect.h"
 #include "select.h"
+#include "timeval.h"
 #include "warnless.h"
 
 /* Convenience local macros */
@@ -216,11 +219,15 @@ int Curl_socket_check(curl_socket_t readfd0, /* two sockets to read from */
   int r;
   int ret;
 
-#if SIZEOF_TIME_T != SIZEOF_INT
-  /* wrap-around precaution */
-  if(timeout_ms >= INT_MAX)
+  /* prevent overflow. timeout_ms is typecast to time_t and int. */
+#if TIMEDIFF_T_MAX > INT_MAX
+  if(timeout_ms > INT_MAX)
     timeout_ms = INT_MAX;
 #endif
+#if INT_MAX > TIME_T_MAX
+  if(timeout_ms > (int)TIME_T_MAX)
+    timeout_ms = (int)TIME_T_MAX;
+#endif
 
   if((readfd0 == CURL_SOCKET_BAD) && (readfd1 == CURL_SOCKET_BAD) &&
      (writefd == CURL_SOCKET_BAD)) {