1
0
mirror of https://github.com/moparisthebest/curl synced 2024-12-21 23:58:49 -05:00

tool_urlglob: fix off-by-one error in glob_parse()

... causing SIGSEGV while parsing URL with too many globs.
Minimal example:

$ curl $(for i in $(seq 101); do printf '{a}'; done)

Reported-by: Romain Coltel
Bug: https://bugzilla.redhat.com/1340757
This commit is contained in:
Kamil Dudka 2016-06-03 11:26:20 +02:00
parent 873b4346ba
commit 584d0121c3
2 changed files with 3 additions and 1 deletions

View File

@ -19,6 +19,7 @@ This release includes the following bugfixes:
o URL parser: allow URLs to use one, two or three slashes [6] o URL parser: allow URLs to use one, two or three slashes [6]
o curl: fix -q [regression] [7] o curl: fix -q [regression] [7]
o openssl: Use correct buffer sizes for error messages [8] o openssl: Use correct buffer sizes for error messages [8]
o curl: fix SIGSEGV while parsing URL with too many globs [9]
This release includes the following known bugs: This release includes the following known bugs:
@ -43,3 +44,4 @@ References to bug reports and discussions on issues:
[6] = https://curl.haxx.se/bug/?i=791 [6] = https://curl.haxx.se/bug/?i=791
[7] = https://curl.haxx.se/bug/?i=842 [7] = https://curl.haxx.se/bug/?i=842
[8] = https://curl.haxx.se/bug/?i=844 [8] = https://curl.haxx.se/bug/?i=844
[9] = https://bugzilla.redhat.com/1340757

View File

@ -401,7 +401,7 @@ static CURLcode glob_parse(URLGlob *glob, char *pattern,
} }
} }
if(++glob->size > GLOB_PATTERN_NUM) if(++glob->size >= GLOB_PATTERN_NUM)
return GLOBERROR("too many globs", pos, CURLE_URL_MALFORMAT); return GLOBERROR("too many globs", pos, CURLE_URL_MALFORMAT);
} }
return res; return res;