From: Daniel Stenberg <daniel@haxx.se>
Date: Tue, 23 Jul 2024 09:06:56 +0000 (+0200)
Subject: lib: survive some NULL input args
X-Git-Tag: curl-8_9_1~39
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0795014caada056dace824f6a43d12c8c1721877;p=thirdparty%2Fcurl.git

lib: survive some NULL input args

The input string pointer to:

curl_escape
curl_easy_escape
curl_unescape
curl_easy_unescape

The running_handles pointer to:

curl_multi_perform
curl_multi_socket_action
curl_multi_socket_all
curl_multi_socket

Reported-by: icy17 on github
Fixes #14247
Closes #14262
---

diff --git a/lib/escape.c b/lib/escape.c
index 4eb53ad289..1633c2da2b 100644
--- a/lib/escape.c
+++ b/lib/escape.c
@@ -60,7 +60,7 @@ char *curl_easy_escape(struct Curl_easy *data, const char *string,
   struct dynbuf d;
   (void)data;
 
-  if(inlength < 0)
+  if(!string || (inlength < 0))
     return NULL;
 
   Curl_dyn_init(&d, CURL_MAX_INPUT_LENGTH * 3);
@@ -181,7 +181,7 @@ char *curl_easy_unescape(struct Curl_easy *data, const char *string,
 {
   char *str = NULL;
   (void)data;
-  if(length >= 0) {
+  if(string && (length >= 0)) {
     size_t inputlen = (size_t)length;
     size_t outputlen;
     CURLcode res = Curl_urldecode(string, inputlen, &str, &outputlen,
diff --git a/lib/multi.c b/lib/multi.c
index 014401cf93..81bd942ff9 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2778,7 +2778,8 @@ CURLMcode curl_multi_perform(struct Curl_multi *multi, int *running_handles)
     }
   } while(t);
 
-  *running_handles = (int)multi->num_alive;
+  if(running_handles)
+    *running_handles = (int)multi->num_alive;
 
   if(CURLM_OK >= returncode)
     returncode = Curl_update_timer(multi);
@@ -3302,7 +3303,8 @@ static CURLMcode multi_socket(struct Curl_multi *multi,
   if(first)
     sigpipe_restore(&pipe_st);
 
-  *running_handles = (int)multi->num_alive;
+  if(running_handles)
+    *running_handles = (int)multi->num_alive;
   return result;
 }