From 6597e6d4610d95cada3f3b2768b39705ae158e2d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Wed, 27 May 2026 23:37:12 +0200
Subject: [PATCH] tftp: avoid the timeout calc if the timeout is crazy

Avoids integer overflow when a silly value is set.

Fixes #21782
Reported-by: Mike-menny on github
Closes #21787
---
 lib/tftp.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/tftp.c b/lib/tftp.c
index 7aaf882d9b..039b7dd393 100644
--- a/lib/tftp.c
+++ b/lib/tftp.c
@@ -167,7 +167,8 @@ static CURLcode tftp_set_timeouts(struct tftp_conn *state)
   }
 
   /* Set per-block timeout to total */
-  if(timeout_ms > 0)
+  if((timeout_ms > 0) && (timeout_ms < 3600000))
+    /* do the calculation only if the timeout is "reasonable" */
     timeout = (time_t)(timeout_ms + 500) / 1000;
   else
     timeout = 15;