From 130b6891c8f388180d341845030a5db11fa06e7b Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 14 Feb 2025 08:46:26 +0100
Subject: [PATCH] strparse: make Curl_str_number() return error for no digits

Closes #16319
---
 lib/strparse.c | 6 ++++--
 lib/strparse.h | 1 +
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/strparse.c b/lib/strparse.c
index b43b5415af..c540148c9a 100644
--- a/lib/strparse.c
+++ b/lib/strparse.c
@@ -110,7 +110,9 @@ int Curl_str_number(const char **linep, size_t *nump, size_t max)
   size_t num = 0;
   DEBUGASSERT(linep && *linep && nump);
   *nump = 0;
-  while(ISDIGIT(**linep)) {
+  if(!ISDIGIT(**linep))
+    return STRE_NO_NUM;
+  do {
     int n = **linep - '0';
     if(num > ((SIZE_T_MAX - n) / 10))
       return STRE_OVERFLOW;
@@ -118,7 +120,7 @@ int Curl_str_number(const char **linep, size_t *nump, size_t max)
     if(num > max)
       return STRE_BIG; /** too big */
     (*linep)++;
-  }
+  } while(ISDIGIT(**linep));
   *nump = num;
   return STRE_OK;
 }
diff --git a/lib/strparse.h b/lib/strparse.h
index dfae898f5b..77171f59a1 100644
--- a/lib/strparse.h
+++ b/lib/strparse.h
@@ -33,6 +33,7 @@
 #define STRE_BYTE     5
 #define STRE_NEWLINE  6
 #define STRE_OVERFLOW 7
+#define STRE_NO_NUM   8
 
 struct Curl_str {
   const char *str;
-- 
2.47.2