curl: Integer overflow at line 1603 in the src/operator.c file

ID H1:662412
Type hackerone
Reporter cjun
Modified 2021-02-08T07:55:42



[add summary of the vulnerability] On systems with a 64 bit, if —retry-max-time > 18446744073709552, config->retry-max-time*1000L will be overflow at line 1603 in the src/operator.c file. Similarly, the same is true for 32-bit operating systems.

Steps To Reproduce:

[add details for how we can reproduce the issue]

  1. [add step] run: curl --retry-max-time 18446744073709552 -v
  2. [add step]
  3. [add step]

Supporting Material/References:

[list any additional material (e.g. screenshots, logs, etc.)]

  • [attachment / reference]


If the integer overflow is triggered, the parameter retry-max-time will be illegal.