From 4db64a6437dc9133a8a5b127da8affcaa739c894 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Fri, 25 Apr 2025 12:05:52 +0200
Subject: [PATCH] tool_paramhlp: avoid integer overflow in secs2ms()

The previous approach was wrong and could lead to wrong timeout values getting used.

Reported-by: bsr13 on hackerone
Closes #17184
---
 src/tool_paramhlp.c | 2 +-
 tests/data/Makefile.am | 2 +-
 tests/data/test746 | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 37 insertions(+), 2 deletions(-)
 create mode 100644 tests/data/test746

diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
index 068b0d442b..681590a2e6 100644
--- a/src/tool_paramhlp.c
+++ b/src/tool_paramhlp.c
@@ -328,7 +328,7 @@ ParameterError secs2ms(long *valp, const char *str)
 const unsigned int digs[] = { 1, 10, 100, 1000, 10000, 1000000, 1000000, 10000000, 100000000 };
 if(!str ||
- curlx_str_number(&str, &secs, CURL_OFF_T_MAX/100))
+ curlx_str_number(&str, &secs, LONG_MAX/1000 - 1))
 return PARAM_BAD_NUMERIC;
 if(!curlx_str_single(&str, '.')) {
 curl_off_t fracs;
diff --git a/tests/data/Makefile.am b/tests/data/Makefile.am
index 39adc2cb2d..88cbd49bcb 100644
--- a/tests/data/Makefile.am
+++ b/tests/data/Makefile.am
@@ -107,7 +107,7 @@ test709 test710 test711 test712 test713 test714 test715 test716 test717 \
 test718 test719 test720 test721 test722 test723 test724 test725 test726 \
 test727 test728 test729 test730 test731 test732 test733 test734 test735 \
 test736 test737 test738 test739 test740 test741 test742 test743 test744 \
-test745 \
+test745 test746 \
 \
 test780 test781 test782 test783 test784 test785 test786 test787 test788 \
 test789 test790 test791 \
diff --git a/tests/data/test746 b/tests/data/test746
new file mode 100644
index 0000000000..ef7a460824
--- /dev/null
+++ b/tests/data/test746
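Review bot: The new bound `LONG_MAX/1000 - 1` on the `curlx_str_number()` call carries no explanation of the 1000 or the `- 1`, so a reader has to reverse-engineer that the parsed seconds are later scaled to milliseconds into the `long` that `valp` points at; a one-line comment would fix that, e.g. `/* leave room for secs * 1000 plus the fractional milliseconds in a long */`. `LONG_MAX` needs `<limits.h>`, which the hunk does not show being included — presumably it arrives through the tool's setup header, worth confirming. On platforms with a 32-bit `long` this caps `-m` at roughly 2147482 seconds, a behavioural limit the commit message does not mention. The fractional branch starting at `curl_off_t fracs;` and the final conversion into `*valp` run past the hunk, so whether the seconds-times-1000-plus-fraction sum is computed in `curl_off_t` before being narrowed cannot be checked here. Unrelated to this change but visible in the context line, the `digs` table lists `1000000` twice and has no `100000` entry, which looks like a typo if any index above 4 is ever used.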
@@ -0,0 +1,35 @@
+
+
+
+cmdline
+
+
+
+#
+# Client-side
+
+
+none
+
+
+too large numerical value passed to -m
+
+
+http://neverused.example/ -m 22222242222222222
+
+
+
+
+
+2
+
+
+curl: option -m: expected a proper numerical parameter
+%if manual
+curl: try 'curl --help' or 'curl --manual' for more information
+%else
+curl: try 'curl --help' for more information
+%endif
+
+
+
-- 
2.47.3
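Review bot: The test only exercises a value (22222242222222222) far beyond the limit on both 32-bit and 64-bit `long`, so it proves the rejection path but does not pin the boundary the patch introduces — `LONG_MAX/1000 - 1` accepted, `LONG_MAX/1000` rejected. A boundary case would have to be platform-aware because the limit depends on `sizeof(long)`, which may be why it was left out; if so, saying that in the test's name line would save the next person from re-deriving it. Nothing here checks that an accepted value near the limit produces the intended millisecond timeout rather than a wrapped one, which is the wrong-timeout symptom the commit message describes.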