From 783df22e596f46c989cadba016d144514b68654c Mon Sep 17 00:00:00 2001
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
Date: Tue, 7 Oct 2025 15:48:36 +0800
Subject: [PATCH] vquic/ngtcp2: compare idle timeout in ms to avoid overflow

Closes #18903
---
 lib/vquic/curl_ngtcp2.c | 9 ++++++---
 lib/vquic/curl_osslq.c  | 4 ++--
 2 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/lib/vquic/curl_ngtcp2.c b/lib/vquic/curl_ngtcp2.c
index 9851a087c1..af7f26eb39 100644
--- a/lib/vquic/curl_ngtcp2.c
+++ b/lib/vquic/curl_ngtcp2.c
@@ -2745,9 +2745,12 @@ static bool cf_ngtcp2_conn_is_alive(struct Curl_cfilter *cf,
   rp = ngtcp2_conn_get_remote_transport_params(ctx->qconn);
   if(rp && rp->max_idle_timeout) {
     timediff_t idletime_ms = curlx_timediff(curlx_now(), ctx->q.last_io);
-    if(idletime_ms > 0 &&
-      ((uint64_t)idletime_ms * NGTCP2_MILLISECONDS) > rp->max_idle_timeout)
-      goto out;
+    if(idletime_ms > 0) {
+      uint64_t max_idle_ms =
+        (uint64_t)(rp->max_idle_timeout / NGTCP2_MILLISECONDS);
+      if((uint64_t)idletime_ms > max_idle_ms)
+        goto out;
+    }
   }
 
   if(!cf->next || !cf->next->cft->is_alive(cf->next, data, input_pending))
diff --git a/lib/vquic/curl_osslq.c b/lib/vquic/curl_osslq.c
index 474ed595cb..3fd2daf92f 100644
--- a/lib/vquic/curl_osslq.c
+++ b/lib/vquic/curl_osslq.c
@@ -2254,8 +2254,8 @@ static bool cf_osslq_conn_is_alive(struct Curl_cfilter *cf,
     CURL_TRC_CF(data, cf, "negotiated idle timeout: %" FMT_PRIu64 "ms",
                 (curl_uint64_t)idle_ms);
     idletime = curlx_timediff(curlx_now(), ctx->q.last_io);
-    if(idle_ms != 0 && idletime > 0 && (uint64_t)idletime > idle_ms)
-       goto out;
+    if(idle_ms && idletime > 0 && (uint64_t)idletime > idle_ms)
+      goto out;
   }
 
 #endif
-- 
2.47.3