From: Sohom Datta <sohomdatta1+git@gmail.com>
Date: Fri, 13 Oct 2023 21:01:16 +0000 (+0200)
Subject: tool_getparam: limit --rate to be smaller than number of ms
X-Git-Tag: curl-8_5_0~247
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8993efc2a57b04799d7b51dd31a1255aef3aa930;p=thirdparty%2Fcurl.git

tool_getparam: limit --rate to be smaller than number of ms

Currently, curl allows users to specify absurd request rates that might
be higher than the number of milliseconds in the unit (ex: curl --rate
3600050/h http://localhost:8080 does not error out despite there being
only 3600000ms in a hour).

This change adds a conditional check before the millisecond calculation
making sure that the number is not higher than the numerator (the unit)
If the number is higher, curl errors out with PARAM_NUMBER_TOO_LARGE

Closes #12116
---

diff --git a/src/tool_getparam.c b/src/tool_getparam.c
index d9772a309a..b80d65792e 100644
--- a/src/tool_getparam.c
+++ b/src/tool_getparam.c
@@ -1043,6 +1043,12 @@ ParameterError getparameter(const char *flag, /* f or -long-flag */
             break;
           }
         }
+
+        if(denominator > numerator) {
+          err = PARAM_NUMBER_TOO_LARGE;
+          break;
+        }
+
         global->ms_per_transfer = numerator/denominator;
       }
       break;