From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 27 May 2026 21:37:12 +0000 (+0200)
Subject: tftp: avoid the timeout calc if the timeout is crazy
X-Git-Tag: rc-8_21_0-1~26
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=6597e6d4610d95cada3f3b2768b39705ae158e2d;p=thirdparty%2Fcurl.git

tftp: avoid the timeout calc if the timeout is crazy

Avoids integer overflow when a silly value is set.

Fixes #21782
Reported-by: Mike-menny on github
Closes #21787
---

diff --git a/lib/tftp.c b/lib/tftp.c
index 7aaf882d9b..039b7dd393 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -167,7 +167,8 @@ static CURLcode tftp_set_timeouts(struct tftp_conn *state)
   }
 
   /* Set per-block timeout to total */
-  if(timeout_ms > 0)
+  if((timeout_ms > 0) && (timeout_ms < 3600000))
+    /* do the calculation only if the timeout is "reasonable" */
     timeout = (time_t)(timeout_ms + 500) / 1000;
   else
     timeout = 15;