diff options
Diffstat (limited to 'lib/setopt.c')
-rw-r--r-- | lib/setopt.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/setopt.c b/lib/setopt.c index 768452ca1..6631c13fe 100644 --- a/lib/setopt.c +++ b/lib/setopt.c @@ -720,6 +720,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) argptr = (char *)va_arg(param, void *); if(argptr) { struct curl_slist *cl; + /* general protection against mistakes and abuse */ + if(strlen(argptr) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; /* append the cookie file name to the list of file names, and deal with them later */ cl = curl_slist_append(data->change.cookielist, argptr); @@ -804,6 +807,9 @@ CURLcode Curl_vsetopt(struct Curl_easy *data, CURLoption option, va_list param) /* if cookie engine was not running, activate it */ data->cookies = Curl_cookie_init(data, NULL, NULL, TRUE); + /* general protection against mistakes and abuse */ + if(strlen(argptr) > CURL_MAX_INPUT_LENGTH) + return CURLE_BAD_FUNCTION_ARGUMENT; argptr = strdup(argptr); if(!argptr || !data->cookies) { result = CURLE_OUT_OF_MEMORY; |