From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 8 Jun 2017 23:00:23 +0000 (+0200)
Subject: setopt: check CURLOPT_ADDRESS_SCOPE option range
X-Git-Tag: curl-7_54_1~12
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=844896d;p=thirdparty%2Fcurl.git

setopt: check CURLOPT_ADDRESS_SCOPE option range

... and return error instead of triggering an assert() when being way
out of range.
---

diff --git a/lib/url.c b/lib/url.c
index b33579c70a..84822d9bc2 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2616,7 +2616,10 @@ CURLcode Curl_setopt(struct Curl_easy *data, CURLoption option,
      * know that an unsigned int will always hold the value so we blindly
      * typecast to this type
      */
-    data->set.scope_id = curlx_sltoui(va_arg(param, long));
+    arg = va_arg(param, long);
+    if((arg < 0) || (arg > 0xf))
+      return CURLE_BAD_FUNCTION_ARGUMENT;
+    data->set.scope_id = curlx_sltoui(arg);
     break;
 
   case CURLOPT_PROTOCOLS: