tftp: avoid the timeout calc if the timeout is crazy

Avoids integer overflow when a silly value is set. Fixes #21782 Reported-by: Mike-menny on github Closes #21787
2026-06-02 02:14:36 +03:00 · 2026-05-27 23:37:12 +02:00 · 2026-05-27 23:37:12 +02:00 · 6597e6d461
commit 6597e6d461
parent d1b482caec
1 changed files with 2 additions and 1 deletions
--- a/lib/tftp.c
+++ b/lib/tftp.c
@ -167,7 +167,8 @@ static CURLcode tftp_set_timeouts(struct tftp_conn *state)
  }

  /* Set per-block timeout to total */
-  if(timeout_ms > 0)
+  if((timeout_ms > 0) && (timeout_ms < 3600000))
+    /* do the calculation only if the timeout is "reasonable" */
    timeout = (time_t)(timeout_ms + 500) / 1000;
  else
    timeout = 15;