tool_getparam: limit --rate to be smaller than number of ms

Currently, curl allows users to specify absurd request rates that might
be higher than the number of milliseconds in the unit (ex: curl --rate
3600050/h http://localhost:8080 does not error out despite there being
only 3600000ms in a hour).

This change adds a conditional check before the millisecond calculation
making sure that the number is not higher than the numerator (the unit)
If the number is higher, curl errors out with PARAM_NUMBER_TOO_LARGE

Closes #12116

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index d9772a309a49e9871b49cbac56faea471e6d21d5..b80d65792e4c35c1a00f72fd9059fae820cf0f49 100644 (file)
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1043,6 +1043,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
             break;
           }
         }
+
+        if(denominator > numerator) {
+          err = PARAM_NUMBER_TOO_LARGE;
+          break;
+        }
+
         global->ms_per_transfer = numerator/denominator;
       }
       break;