From: HenrikHolst
Date: Thu, 3 Feb 2022 00:03:42 +0000 (+0100)
Subject: setopt: do bounds-check before strdup
X-Git-Tag: curl-7_82_0~133
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a121e8dac644d34f0f3118ac5a39b30e65c15640;p=thirdparty%2Fcurl.git
setopt: do bounds-check before strdup
Curl_setstropt() allocated memory for the string before checking if the string was within bounds. The bounds check should be done first.
Closes #8377
---
diff --git a/lib/setopt.c b/lib/setopt.c
index 868cb63c05..c8350aa3ff 100644
--- a/lib/setopt.c
+++ b/lib/setopt.c
@@ -62,19 +62,12 @@ CURLcode Curl_setstropt(char **charp, const char *s)
 Curl_safefree(*charp);
 if(s) {
- char *str = strdup(s);
+ if(strlen(s) > CURL_MAX_INPUT_LENGTH)
+ return CURLE_BAD_FUNCTION_ARGUMENT;
- if(str) {
- size_t len = strlen(str);
- if(len > CURL_MAX_INPUT_LENGTH) {
- free(str);
- return CURLE_BAD_FUNCTION_ARGUMENT;
- }
- }
- if(!str)
+ *charp = strdup(s);
+ if(!*charp)
 return CURLE_OUT_OF_MEMORY;
-
- *charp = str;
 }
 return CURLE_OK;
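Review bot: The length check now precedes strdup(), but it still runs after `Curl_safefree(*charp);` at the top of the hunk, so an over-long string rejected with CURLE_BAD_FUNCTION_ARGUMENT has already released the previously stored value. A caller that ignores the error ends up with the option dropped rather than unchanged, which could matter where the string configures a security control. Either run the `strlen(s) > CURL_MAX_INPUT_LENGTH` test before the free, or state the contract in a comment such as `/* on any error the previous value has already been released */`. The start and end of Curl_setstropt() lie outside the hunk, so an existing header comment may already cover this; worth confirming it mentions the CURLE_BAD_FUNCTION_ARGUMENT return as well.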