From 51b8d30dc4ab4c08e81c1285311a0a3e34bef797 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 12 Oct 2010 00:01:40 +0200 Subject: [PATCH] SFTP: more ignoring negative file sizes As the change in 5f0ae7a0626cbe709 added a precaution against negative file sizes that for some reason managed to get returned, this change now introduces the same check at the second place in the code where the file size from the libssh2 stat call is used. This check might not be suitable for a 32 bit curl_off_t, but libssh2.h assumes long long to work and to be 64 bit so I believe such a small curl_off_t will be very unlikely to occur in the wild. --- lib/ssh.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/ssh.c b/lib/ssh.c index 026212103..314d89843 100644 --- a/lib/ssh.c +++ b/lib/ssh.c @@ -1442,6 +1442,11 @@ static CURLcode ssh_statemach_act(struct connectdata *conn, bool *block) data->state.resume_from = 0; } else { + curl_off_t size = attrs.filesize; + if(size < 0) { + failf(data, "Bad file size (%" FORMAT_OFF_T ")", size); + return CURLE_BAD_DOWNLOAD_RESUME; + } data->state.resume_from = attrs.filesize; } }